Google Authenticator Backups – The Right Way To Do Two Factor Authentication

Google Authenticator provides a neat way to use 2-Factor Authentication (2FA). But it has a massive downside that is mostly ignored.

If you lose/reset/replace your phone (which is normally your primary 2FA device) then you’re completely screwed.

Why? Because all your two-factor authentication codes are gone, and never to be seen again.

The huge effort in recovering from this sort of mini-disaster makes me cry.

But don’t worry: we have found the solution to this, one that will end all your Google Authenticator woes. 😀

You have a two-factor authentication disaster just waiting to happen

Google Authenticator works by using an App (of the same name) on your phone. You scan the QR codes and it saves the 2FA account on your phone.

There is no easy way to move this App off your phone to anywhere else. In fact, you can’t even export these codes.

You’re pretty much stuck.

If this phone, or even just the Google Authenticator app, disappears you’re going to get burnt so bad from this you’ll never want to use 2FA ever again.

Which is a huge pity, as it’s a great security layer.

So what are your options?  We’ve experimented with a few different approaches because we’ve also been burnt in the past.  But we found only one way to solve this problem once and for all.

Enter: Authy App, with Google Authenticator integration

Authy is a fully-fledged two-factor authentication service. But don’t get this confused with Google Authenticator. They’re completely different.

What I’m referring to specifically is the Authy App. You see, the Authy App also handles Google Authenticator 2FA code registration. This means that instead of using the official Google app, you’ll now use the Authy App instead.

But isn’t the problem of losing your phone exactly the same?

No. Because with an Authy account you can now back up your Google Authenticator codes off your phone (to your Authy account via the app).

Oh yes, you read that right. You now have Google Authenticator backups! 😀

What happens if you lose/reset your phone? You just download the Authy App and retrieve your Google Authenticator codes from their backup.

It’s really as easy as that!

You must replace your existing Google Authenticator codes

All those codes you currently have running on the original Google Authenticator app will have to be transferred to your new Authy app.

You can’t transfer them directly, so it’s more of a “turn it off and on again” process. These are the basic steps:

For every Google Authenticator account you have:

  1. Go to the original service for the account and remove Google Authenticator 2FA.
  2. Re-enable Google Authenticator for that account.
  3. Use the Authy App instead of the Google Authenticator app to register the account.

It might be a bit tedious, but if you’ve already experienced the pain that comes with losing your GA codes, then you’ll agree some tedium is a cheap price to pay for the huge upside.

Thoughts or Questions?

Pretty useful, right? The reality is that we wouldn’t use Google Authenticator without this backup option. The cost in time and resources each time a phone is replaced is huge and, for some reason, this restriction is being completely overlooked by anyone who uses or recommends it.

Please share this and get the word out – there is nearly always a better way to do things. We hope this helped you!

Join the discussion 4 Comments

  • This also concerns me. Big issue.

    I’ve deliberately not used the app, but have used the option to have a code texted to my phone by Google. This will work as long as I keep the number (even if I get the SIM replaced), but not so well if I’m overseas, especially if I switch to a local SIM or lose my phone…

    I’ll check out Authy. Thanks.

    • Paul G. says:

      Hey Chris, thanks for your comment.

      Yep, I’ve resisted SMS because, like you say, if you’re not in a place with decent coverage, or you’re travelling, you’re stuck again.

      Would love to hear what you think of the Authy app approach once you give it a go.
      Thanks again!

  • Roy Randolph says:

    Hi Paul

    Same here, have some other control panels that are using Google Authenticator, I have not implemented because of the same issue.
    Will give this a go and see how well it works. But you know if you are in an area with decent coverage for SMS while traveling, that means more than likely your data to the internet is going to be spotty as well.

    Thanks for the heads up on this.

    • Paul G. says:

      Hey Roy,

      Yep, it’s true about SMS, but with Google Authenticator, you don’t need data at all, so it’s useful to have GA and SMS as the fallback – assuming that the service supports it. Google itself certainly does.

      Hope it goes as well for you as it has done for us.
      Thanks for your comment!
