Originally posted on The Verge.
It’s a little more complicated than just copying data
Two-factor authentication (2FA) is one of the best and easiest ways to keep your online accounts secure. It works by issuing an authentication code on your phone when somebody tries to access the account; if that person doesn’t have the code, they (or you) don’t get in. By using a 2FA app, such as Google Authenticator or Authy, you can prevent somebody who has gotten your password from accessing your data. (You can have a code texted to you, but that is considered far less secure due to the rise of so-called SIM hacking.)
There is, of course, a catch. Because 2FA uses a key specific to your phone, if you lose or break your phone, you can’t simply reinstall the app on your new phone and go on from there. You need to transfer the key code for that phone as well as the app itself.
Different authentication apps handle this in different ways. In this article, I’m going to look at Google Authenticator, including the easiest way to transfer the app to a new phone if you do have access to the old one, and how you can prepare for a possible problem (like a broken phone).
Google Authenticator lets you establish 2FA by using your phone to scan a QR code generated by the app on a separate device or by entering a key code. It’s a relatively easy process — unless you find you have to move the app to a new phone.
Because 2FA uses security keys that are specific to each piece of hardware, you can’t simply reinstall Google Authenticator on your new phone and use it to log in. Instead, you have to transfer the keys to your new app.
The easiest method, especially if you use 2FA with several apps, is to use the Authenticator app’s dedicated transfer feature to move your keys from one phone to the other. However, this rests on two assumptions: first, that you have access to both the old and new phone, and second, that you have Android devices. If either of these assumptions doesn’t work for your situation, there are other methods you can use, which we’ll cover next.
TRANSFER YOUR AUTHENTICATOR KEYS VIA ANDROID
If you’ve got two Android phones, you can transfer your accounts to a new phone by exporting them via a QR code generated by the Authenticator app.
- Open Google Authenticator on your older phone
- Tap on the three dots on the top right of the screen and select “Transfer accounts”
- Select “Export accounts.” You may be asked to verify your identity via a fingerprint, password, or another method.
- Select which accounts you want to export by checking them off. Tap “Next.”
- You’ll be shown a QR code
- Go to your new phone. Follow the instructions above, but select “Import accounts.”
- You’ll be given instructions on how to export your accounts from the older phone. Since you already know how to do that, just select “Scan QR code.”
- Scan the code on your old phone with your new phone
ALTERNATIVE METHOD #1: USE YOUR BACKUP CODES
When you set up an app to use Google Authenticator, before the process is completed, you are given a set of four backup codes and asked to print them out or otherwise save them. (In fact, Google will ask you to enter one of the codes into a field before it will finish the installation, just to make sure you have saved them.)
And you definitely do want to save them; print them out and put them somewhere safe or create a PDF and save it where nobody else can access it. If your phone goes south, these codes will be a good way to reestablish authentication on your new phone — assuming, of course, you haven’t misplaced the codes.
This is also a way to reestablish your keys on a new iPhone.
ALTERNATIVE METHOD #2: TAKE A SCREENSHOT OF THE BARCODE
One way to create a backup in case you lose your phone is to take and save a screenshot of the barcode that is created for each 2FA-secured app. If you’ve mislaid your backup codes, but you’ve saved a screenshot of the QR barcode that you originally used to create your app’s authentication, you can use that screenshot to establish your credentials on a new phone.
Just throw the screenshot up on your computer, install Google Authenticator on your new phone, and use the plus sign on the app to scan the barcode. (You can also enter the setup key code if that’s what you saved.) Do this for each of your apps, and you’ll be all set.