The recent Google Authenticator update enabling synchronization between Google accounts and the Google Authenticator app may cause security breaches on your Haru Invest account and other accounts using the Google Authenticator.
For Haru Invest members using the Google Authenticator, we strongly suggest you disable the Google Cloud sync feature for your two-factor authentication (2FA).
How to disable the new sync feature:
- Open your Google Authenticator app, make sure the sync is enabled on the upper-right corner.
- Click the three-line menu on the left and navigate to “Transfer accounts” to export and back up your tokens.
- Delete all the accounts from the Google Authenticator which will un-sync and remove your accounts from the Google Cloud.
- Tap on your profile picture in the upper-right corner and choose “Use Authenticator without an account”.
- You will then be able to see the Cloud no longer synced. You can then import the backed up tokens from step 2 or add new ones.
To use an alternative OTP generator for two-factor authentication, you can also use Authy as mentioned on this Help Center article.