Tell HN: Google Authenticator lost all of my codes
1 day ago
Hi HN,
Today I opened Google Authenticator and found all of my codes were gone. Naturally I neglected to back them up, and I'm permanently locked out of some of my accounts. You know what they say about being dumb, Disaster Usually Motivates Backups.
I assume this was triggered by an automatic update of the app, so I wanted to warn people who might get burned by the same issue.
I use Authenticator Pro on Android. It offers backup and it's own encryption password --- not the same as the Android phone access key. Every authenticator app should do this in my opinion.
https://github.com/ispwd/AuthenticatorPro
In addition to this app, I keep all my passwords in a text file encrypted with AES256. And yes, my secret tokens used for 2FA are included in this file --- not the best but very convenient as I only have one file to backup.
I wrote my own simple Windows command line utility to decrypt this file in memory, search for an identifying string, retrieve the secret token and generate 2FA time based codes as needed.
As a backup to my phone, I keep this small utility and my password file (along with other crucial documents) on a micro-SD card which is further encrypted by BitLocker. This is attached to my watch strap which goes everywhere with me --- even the shower. The data is as safe as I am, if not safer.
https://www.thingiverse.com/thing:6784665
Unfortunately related: Tell HN: 2FA code for Google account gone after Google Authenticator update https://news.ycombinator.com/item?id=42510300
Use a cloud sync solution like 1Password or Bitwarden. That way all your 2FA is in the cloud and available on all your devices.
It is less secure but way more convenient.
When your password and the time passcode are stored in the same database thats literally not 2FA (second factor).
Rather use apps like Authy or Ente on your phone(something that you have) that could sync.
It is less secure than 2FA on a phone but more secure than without. (ie: your password leaking/hacked and the source is not bitwarden).
The irony is that what appears to be the update which messed me up was to introduce cloud sync.
If you're starting over, use Bitwarden Authenticator:
https://bitwarden.com/products/authenticator/
Supports import & export, which is something Authy -- what I used to recommend instead of Google Authenticator -- does NOT support.
How is that different than Google Authenticator backups?
I personally use Authy, free, without cloud sync. When I upgrade my iphone (typically every year) all codes are in the new phone. As easy as it should be.
Does anyone know what other apps “survive” phone upgrade, maybe not just iphone but android too?
What if you lose your phone?
With Ente Auth it's possible to export 2FA to textfile.
Then it's possible to import it at numberstation at Linux, and some 2FA apps at Ubuntu Touch.
For passwords, keepassxc reboot.
Fool me once … It used to not even have a way to backup. Having your auth keys on your phone is not actually a good idea.