Is Authenticator safe to use?

Authenticator has a risk level of MEDIUM with an overall risk score of 5.9/10. Our scan detected 50 security findings. This extension has some risks worth reviewing.

What permissions does Authenticator request?

Authenticator requests the following permissions: activeTab, storage, identity, alarms, scripting, clipboardWrite, contextMenus.

What is Authenticator's risk score?

Authenticator has an overall risk score of 5.9/10 (MEDIUM). Breakdown: Permissions 5.0/10, Code 10.0/10, Combinations 0.0/10, CSP 1.0/10.

ExtSafe

AuthenticatorSecurity Analysis

Chromev8.0.1MV3February 16, 2026 at 03:09 PM

5.9MEDIUM

5.9 MEDIUM

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 7 permissions analyzed, 47 code findings.

Permissions

5.0/10

Code

10.0/10

Combinations

0.0/10

Manifest/CSP

1.0/10

Permissions(7 analyzed)

Code Findings(14 patterns, 47 total)

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(0 findings)

Resolved from __MSG_* i18n placeholders:

Name: Authenticator

Description: Authenticator generates two-factor authentication codes in your browser.

No manifest-level concerns found.

External Domains(12)

*.dropboxapi.comaccounts.google.comapi.dropboxapi.comauthenticator.cccontent.dropboxapi.comgithub.comgraph.microsoft.comlogin.microsoftonline.comotp.eewww.droidfonts.comwww.dropbox.comwww.googleapis.com