19

I broke my cellphone which had the Google Authenticator app and several other accounts attached to it for two factor authentication like Dropbox, Evernote, AWS, etc. Now I got a new phone and installed the Google Authenticator app on it as per the instructions given here - https://support.google.com/accounts/answer/185834?hl=en#phone

But now in this app I don't see codes for other accounts (Dropbox, Evernote, etc.). Is there a way to get all of them migrated to this new app or I need to recreate them? Also, if I need to recreate them, how do I do it, because Evernote won't even let me sign in from any device w/o two factor authentication code. I can use backup codes for some accounts, but I don't have backup codes for all of them?

Please provide some suggestions. Thank you.

theharshest
  • 291
  • 1
  • 2
  • 5

4 Answers4

5

This is actually what you have to use backup codes for. If you can still access your old device and it's rooted you can backup the database and restore it on your new phone.

However, if you can no longer access your old phone and you do not have recovery codes you have to contact their support and sort it out with them.

This is the purpose of two-factor authentication, if the second factor is inaccessible you can no longer access your account. If someone knows your password they can't do anything without your phone aswell.

This is also why services like authy are really sketchy due to the second factor not being offline-only.

Community
  • 1
Nothing4You
  • 51
  • 1
  • 3
  • Thanks. I have noticed that not all services that provide two-factor authetication, give the option of backup codes. Unfortunately my device is not rooted, so I need to contact support for the accounts I don't have backup code. – theharshest Dec 27 '14 at 04:57
4

If you have a backup application, you may be able to back up the app's data, sync it to the cloud, and restore it on the other device. The one time I tried that it just made Authenticator crash on startup.

If you saved the secret keys you're given, which is a good idea as long as they're secure and separate from your passwords, you can re-enter them on a new phone by finding a secure QR-code generator (a local or JS-based one that doesn't send the data to any server) and formatting each one like this:

otpauth://totp/LABEL:USERNAME?secret=SECRET&issuer=ISSUER&counter=N

Turn that into a QR-code and Authenticator will scan it. Or find a tool that will do both:

http://dan.hersam.com/tools/gen-qr-code.html

If you have any "counter" based codes, you'll need to know how many times you used it, which could be problematic, but those are fairly rare.

If you didn't save the secrets, your only option is to recover the database from the application, either from a backup or directly from the device. It's under:

data\com.google.android.apps.authenticator2\databases\databases

You can open that up with sqlite3.exe or any SQLite UI.

sqlite> .headers on
sqlite> select * from accounts;

You'll get a table with the secrets, counters, etc., that you need to use.

If you can't get the database from authenticator, then you have no choice but to use whatever mechanism is available for each site. It's very rare that a site will ever give you the secret for a second time, generally the best you can do is get in some other way, disable 2FA and re-enable it with a new secret.

Tim Sylvester
  • 141
  • 3
  • 1
    Don't use .mode column - in my case when I did that it limited each column to 16 characters - meaning if your secret is longer than that (which some are) you will not get the full secret. – ChrisJ Sep 21 '16 at 16:24
3

Here is what I did when I migrated to a new device:

  1. Install the Authenticator App on the new device

  2. Go to the 2-step verification site

  3. I then clicked on "Switch to SMS/voice"

    • You can try to click on "move to a different phone"

2-step 1. I then had authenticator text me the verification code so I could sign in with my google account on the phone.

  1. I then opened the authenticator app and set it up like it was the "first time" I used 2-step authentication.

  2. Visit the "Help Page" in evernote to see if you can gain access without a backup code. When you first enable 2-step in evernote, they require you to get a text message before you can enable authenticator app. So if I lose my backups, I can still gain access by having them SMS a code to my phone. Or, if that fails, and I don't have codes, I can try and contact support. Evernote

After signing up, I logged out, then logged back in. On the page to enter the code, I clicked on "I need help getting a verification code". Code

Ryan Conrad
  • 22,673
  • 9
  • 58
  • 81
  • My problem starts where your solution ends, i.e. from point 4. I have already done what you have said above. My problem is that I don't want to set it up like it is the "first time" as you have mentioned. – theharshest Dec 27 '14 at 05:26
  • The only thing I can think of for the other services is to go and get the "secret key" from them and reconfigure authenticator. – Ryan Conrad Dec 27 '14 at 05:39
  • 1
    right, but 'go and get the "secret key"' is possible only for the accounts in which I can login somehow (either from a trusted device or backup code). But what if I can't login to those accounts. – theharshest Dec 27 '14 at 06:35
  • I am not familiar with evernotes implementation of 2-step, but I know if I can't log in to dropbox, and I don't have the fallback code, I can have a code set via SMS to my phone. – Ryan Conrad Dec 27 '14 at 06:37
  • That is the case when you have chosen "receive an SMS" option over "authenticator app" option to get the code. I have latter option enabled in all the services. Now, I cannot change this until I login, hence stuck. – theharshest Dec 27 '14 at 06:42
  • 1
    I just signed up for 2-step on evernote and updated my answer with the info. – Ryan Conrad Dec 27 '14 at 06:56
  • There doesn't seem to be an option in this page anymore, or it doesn't work for Google Apps users: https://myaccount.google.com/security Any idea where to go now? – jdog Sep 01 '16 at 01:43
2

As of April 23, 2020, Google Authenticator was updated to version 5.10 with a new feature:

What's new

  • Added the ability to transfer accounts to a different device, e.g. when switching phones
  • [...]

This feature allows to transfer (and possibly long-term backup?) selected accounts with QR code. Note that this approach only works if the source device is still working.

To export the accounts:

  1. Open Google Authenticator app
  2. Tap the overflow (3 vertical dots) menu on the top right
  3. Select "Transfer accounts"
  4. Select "Export accounts"
  5. Verify yourself on the lock screen
  6. Select accounts to be exported (default: all)
  7. Tap the "Next" button
  8. The QR code will be generated and shown

To import the accounts:

  1. Open Google Authenticator app
  2. Tap the overflow (3 vertical dots) on the top right
  3. Select "Transfer accounts"
  4. Select "Import accounts"
  5. Press the "Scan QR code" button
  6. Scan the QR code
Community
  • 1
Andrew T.
  • 15,988
  • 10
  • 74
  • 123