How to backup Google Authenticator? - page 2.

01BTC10

vip

Activity: 756

Merit: 503

Quote from: pekv2 on May 10, 2013, 03:08:41 PM

You can also not only backup the code, but as well as run google authenticator on your windows pc.

http://code.google.com/p/gauth4win/downloads/list

Won't this defeat the purpose to have 2FA in the first place?

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

@glon Well depending on the site you may have options.
If the site still shows the authenticator code you can print it after the fact.
If the site allows you to change the authenticator code you could change it and in doing so completing the steps above.
If the site allows you to disable the authenticator code then do so and then enable it completing steps above.
If the sties doesn't allow you to change, disable, or show you the authenticator code you probably will need to request the admin remove authenticator from your account.

glon

full member

Activity: 181

Merit: 100

Quote from: DeathAndTaxes on May 10, 2013, 11:44:34 AM

The QR code contains the shared secret (which is what synchronizes the codes on your smartphone and the site's backend server. Same shared secret + same time means both you and site generate the same code in sync. The shared secret is simply a number. The QR code also contains some less important information like "display name".

So if you have a backup of the QR code you use it to "setup" another smartphone

1) When you setup 2FA before you scan the QR code print it out.
2) Instead of scanning the QR code on screen scan the printout (this verifies the printout was correct, no printing errors rending it unreadable).
3) Complete the 2FA setup.
4) Now just label the printout.
5) Store the all your labeled google authenticator QR codes in a safe place (like fireproof safe or safety deposit box).

Hi, what if I've already completed point 3 before even thinking about doing 1/2? Thanks!

pekv2

hero member

Activity: 770

Merit: 502

You can also not only backup the code, but as well as run google authenticator on your windows pc.

http://code.google.com/p/gauth4win/downloads/list

Lohoris

hero member

Activity: 630

Merit: 500

Bitgoblin

Quote from: trigeek on May 10, 2013, 12:00:27 PM

You can use titanium backup free to back up the data for the google authenticator android app to your sd card. be careful with the backup though- it's best to store it somewhere else password protected vs. on your phone.

Will only work if his phone is rooted.

trigeek

sr. member

Activity: 252

Merit: 250

Quote from: nii236 on May 10, 2013, 09:33:24 AM

Hello everyone,

I am trying to improve my online security by using 2 factor authentication through Google Authentication. I've set it up for MtGox and BTCT but I am concerned about what will happen if I lose my phone or it gets stolen. I will lose access to absolutely everything! Or I install a ROM on top of the phone and lose all my data because I forget to backup.

What is a commonly accepted way of backing up one's Google Authenticator database? Ideally it would be a single file that I can load back into Google Authenticator or something that will be stored offline somewhere (putting it in cloud storage might not make sense in this case).

Thanks in advance.

You can use titanium backup free to back up the data for the google authenticator android app to your sd card. be careful with the backup though- it's best to store it somewhere else password protected vs. on your phone.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

The QR code contains the shared secret (which is what synchronizes the codes on your smartphone and the site's backend server. Same shared secret + same time means both you and site generate the same code in sync. The shared secret is simply a number. The QR code also contains some less important information like "display name".

So if you have a backup of the QR code you use it to "setup" another smartphone

1) When you setup 2FA before you scan the QR code print it out.
2) Instead of scanning the QR code on screen scan the printout (this verifies the printout was correct, no printing errors rending it unreadable).
3) Complete the 2FA setup.
4) Now just label the printout.
5) Store the all your labeled google authenticator QR codes in a safe place (like fireproof safe or safety deposit box).

Jasmin68k

newbie

Activity: 46

Merit: 0

TBH I don't know what different websites put into their QR codes, probably depends on the website.

With MtGox what you need to make a backup of (copy/paste, screenshot etc.) is called "Secure Private Key".

If you use the authenticator I used as an example above, you can then generate the OTP with "java -jar JAuth.jar -secret=YOURSECUREPRIVATEKEY".

For other websites and/or authenticator apps it's basically the same procedure. So in essence you don't need a phone at all, if you don't want to use one.

nii236

member

Activity: 85

Merit: 10

Thanks. So the QR code that I scan is the backup itself? Good to know. However you can't copy the MtGox one for some reason. I'll have to take a screenshot or something.

Jasmin68k

newbie

Activity: 46

Merit: 0

Whenever you register for 2FA you get something called "secret key" or "shared secret" etc.

That is what you need to take a backup of.

Without your phone this secret key can be put into a variety of different apps/scripts etc. to generate the OTP just like your phone would have done it.

One example of such a simple authenticator would be this one: https://github.com/mclamp/JAuth

nii236

member

Activity: 85

Merit: 10

Yes, but that is only for Google accounts. What about MtGox and BTCT and others?

Endgame

sr. member

Activity: 412

Merit: 250

Just create some backup codes and store them in a safe place, then if you lose your phone you can simply log in with backup code and turn off 2 factor. See here for instructions: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1187538

nii236

member

Activity: 85

Merit: 10

Hello everyone,

I am trying to improve my online security by using 2 factor authentication through Google Authentication. I've set it up for MtGox and BTCT but I am concerned about what will happen if I lose my phone or it gets stolen. I will lose access to absolutely everything! Or I install a ROM on top of the phone and lose all my data because I forget to backup.

What is a commonly accepted way of backing up one's Google Authenticator database? Ideally it would be a single file that I can load back into Google Authenticator or something that will be stored offline somewhere (putting it in cloud storage might not make sense in this case).

Thanks in advance.

Topic: How to backup Google Authenticator? - page 2. (Read 47068 times)