Google Authenticator Backups – The Right Way To Do Two Factor Authentication

Google Authenticator provides a neat way to use 2-Factor Authentication (2FA). But it has a massive downside that is mostly ignored.

If you lose/reset/replace your phone (which is normally your primary 2FA device) then you’re completely screwed.

Why? Because all your two-factor authentication codes are gone, and never to be seen again.

The huge effort in recovering from this sort of mini-disaster makes me cry.

But don’t worry, we have found the solution to this, one that will end all your Google Authenticator woes. 😀

You have a two-factor authentication disaster just waiting to happen

Google Authenticator works by using an App (of the same name) on your phone. You scan the QR codes and it saves the 2FA account on your phone.

There is no easy way to move this App off your phone to anywhere else. In fact, you can’t even export these codes.

You’re pretty much stuck.

If this phone, or even just the Google Authenticator app, disappears you’re going to get burnt so bad from this you’ll never want to use 2FA ever again.

Which is a huge pity, as it’s a great security layer.

So what are your options?  We’ve experimented with a few different approaches because we’ve also been burnt in the past.  But we found only one way to solve this problem once and for all.

Enter: Authy App, with Google Authenticator integration

Authy is a fully-fledged two-factor authentication service. But don’t get this confused with Google Authenticator. They’re completely different.

What I’m referring to specifically is the Authy App. You see, the Authy App also handles Google Authenticator 2FA code registration. This means that instead of using the official Google app, you’ll now use the Authy App instead.

But isn’t the problem of losing your phone exactly the same?

No. Because with an Authy account you can now back up your Google Authenticator codes off your phone (to your Authy account via the app).

Oh yes, you read that right. You now have Google Authenticator backups! 😀

What happens if you lose/reset your phone? You just download the Authy App and retrieve your Google Authenticator codes from their backup.

It’s really as easy as that!

You must replace your existing Google Authenticator codes

All those codes you currently have running on the original Google Authenticator app will have to be transferred to your new Authy app.

You can’t transfer them directly, so it’s more of a “turn it off and on again” process. These are the basic steps:

For every Google Authenticator account you have:

  1. Go to the original service for the account and remove Google Authenticator 2FA.
  2. Re-enable Google Authenticator for that account.
  3. Use the Authy App instead of the Google Authenticator app to register the account.

It might be a bit tedious, but if you’ve already experienced the pain that comes with losing your GA codes, then you’ll agree some tedium is a cheap price to pay for the huge upside.

Thoughts or Questions?

Pretty useful, right? The reality is that we wouldn’t use Google Authenticator without this backup option. The cost in time and resources each time a phone is replaced is huge and, for some reason, this restriction is being completely overlooked by anyone who uses or recommends it.

Please share this and get the word out – there nearly always is a better way to do things.  We hope this helped you!

Join the discussion 10 Comments

  • This also concerns me. Big issue.

    I’ve deliberately not used the app, but have used the option to have a code texted to my phone by Google. This will work as long as I keep the number (even if I get the SIM replaced), but not so well if I’m overseas, especially if I switch to a local SIM or lose my phone…

    I’ll check out Authy. Thanks.

    • Paul G. says:

      Hey Chris, thanks for your comment.

      Yep, I’ve resisted SMS because, like you say, if you’re not in a place with decent coverage, or you’re travelling, you’re stuck again.

      Would love to hear what you think of the Authy app approach once you give it a go.
      Thanks again!

  • Roy Randolph says:

    Hi Paul

    Same here, I have some other control panels that are using Google Authenticator, which I have not implemented because of the same issue.
    Will give this a go and see how well it works. But you know if you are in an area with decent coverage for SMS while traveling, that means more than likely your data to the internet is going to be spotty as well.

    Thanks for the heads up on this.

    • Paul G. says:

      Hey Roy,

      Yep, it’s true about SMS, but with Google Authenticator, you don’t need data at all, so it’s useful to have GA and SMS as the fallback – assuming that the service supports it. Google itself certainly does.

      Hope it goes as well for you as it has done for us.
      Thanks for your comment!

  • Roel says:

    You could also print out the original 2FA signup bar codes and keep those in a safe place. Then re-scan them if needed.

    • Paul G. says:

      Yep, that’s definitely true. This solves a certain use-case, but it doesn’t help with the problems:

      – many services don’t give out backup codes
      – your safe place is nowhere near you when a disaster strikes
      – paper can easily get lost or destroyed
      – scalability. If you have 100s of services with backup codes (assuming they provide them), you’ll need to be pretty awesome with your organisation skills for all your “safe” data. Furthermore, if you ever reset your 2FA, you’ll have to go back and “update” your safe backup codes.
      – how safe is “safe”? There is a possibility that your safe place is compromised and a) you don’t know about it until it’s too late; b) both your primary code source and safe place are destroyed at the same time.
      – you need a printer; you need paper/trees.

      Backup codes are definitely useful, but you have to run scenarios against your backups to determine if they’re the best fit for your needs. If it works for you, then perfect, you should use it! I’ll personally stick with Authy until it proves to be untenable, for any reason. 🙂


  • Louis Uhls says:

    Can this be used to unlock your Google accounts/phone if you’ve already lost your phone? I lost my Pixel phone a month ago, and of course 2FA is activated on that phone and of course I try to log into my account and it wants the code that was sent to my lost phone. I have a new phone now with a new number. Thanks

    • Paul G. says:

      Yep, it could. If you don’t have a phone to use it on, grab a friend’s phone and put it on there to get your auth codes temporarily.

      Also, you said “it wants the code that was sent to my lost phone”… Google Authenticator codes aren’t “sent” to your phone. So perhaps we’re not talking about the same thing.

  • John Zehr says:

    Thanks for the post. Having recently been the “victim” of losing my Authenticator setting, I needed this.

    I installed Authy, but in trying to activate it, I see a message that says “Multi-device is disabled. To enable open Authy on your other device and go to Settings -> Devices.”

    I can’t figure out what the heck I’m supposed to do. Any ideas?
