Two-factor authentication has become an essential security precaution for many people, but it can also be a source of anxiety. When you change or upgrade phones, Google Authenticator does not automatically migrate your codes; you must do it manually.
Fortunately, it is not difficult to move Google Authenticator codes from one device to another, although admittedly it can be somewhat cumbersome and slow. This is, more or less, by design on Google's part.
It shouldn't be too easy to retrieve authentication codes from anywhere except the device you use for two-factor authentication; otherwise the whole value of 2FA would be debatable.
Here is what you need to know to move Google Authenticator and all your authentication codes from an old phone to a new one. Whether you're switching platforms or staying within the iOS or Android universe, the process is the same.
Move Google Authenticator to a new mobile device
First, don't do anything to the copy of Google Authenticator on your old phone. Leave it for now, or you could be caught without a way to enter 2FA codes before the new phone is set up. Start by installing Google Authenticator on your new device, either Google Authenticator for iPhone or Google Authenticator for Android.
Next, you will need your computer. Open the Google 2-step verification page in a browser and sign in to your Google account when prompted. In the "Authenticator application" section of the page, click on "Change phone".
Choose the type of phone you are migrating to and click on "Next".
You should now see the "Configure Authenticator" screen, with a barcode. Open Google Authenticator on the new device and follow the instructions to scan the barcode: tap "Settings" and then "Scan a barcode."
After scanning, you will have to enter the one-time code to verify that it is working.
Transfer your Google Authenticator codes to other sites
Congratulations! You have now moved the Google authentication code to the new device, but that's all. The only service you have set up is Google. You probably still have a lot of other applications and services connected to Google Authenticator.
Maybe Dashlane, Slack, Dropbox, Reddit and others. You will have to migrate each of these, one at a time. This is the time-consuming part we mentioned above.
The general process is simple, even if you have to hunt for the settings. Choose a site or service that appears in your previous copy of Google Authenticator (on the old phone) and sign in to its website or open its application. Find the 2FA settings for that site. They are probably in the account, password or security section of the website, although if the service has a mobile or desktop application, they could be there instead.
For example, the 2FA settings for Dashlane are in the desktop application, not on the website, while Reddit puts the 2FA controls on the site in the "User Settings" menu, under the "Privacy and security" tab.
Once you find what you are looking for, disable 2FA for this site. You will probably have to enter the site password, or possibly an authentication code, so keep the old phone and its copy of Google Authenticator on hand.
Finally, re-enable 2FA, this time scanning the QR code with Google Authenticator on the new phone. Repeat that process for each site or service listed in your previous copy.
Enable 2FA on more than one device at a time
In a perfect world, 2FA allows you to confirm your credentials using a mobile phone or some other device that you carry with you all the time, to which only you have access.
This makes it very difficult for hackers to spoof the system because, unlike codes delivered via SMS, which is not especially secure, there is no easy way for bad guys to obtain a two-factor code delivered through a local application that exists only in your pocket.
This is what happens behind the scenes. When you add a new site or service to Google Authenticator, the site uses a secret key to generate a QR code. That, in turn, tells your Google Authenticator application how to generate an unlimited number of time-based one-time passwords.
Once you scan the QR code and close the browser window, that particular QR code cannot be regenerated, and the secret key is stored locally on your phone.
If Google Authenticator were able to synchronize across multiple devices, then the secret key or the resulting authentication codes would have to live in the cloud somewhere, making them vulnerable to hacking.
That's why Google doesn't allow you to synchronize your codes between devices. However, there are two ways to maintain authentication codes on several devices at the same time.
First, when you add a site or service to Google Authenticator, you can scan the QR code on multiple devices at once. The website that generates the QR code does not know that you have scanned it.
You can scan it on any number of additional mobile devices, and each copy of Google Authenticator that you scan with the same barcode will generate the same six-digit code.
However, we do not recommend doing it this way. First, you are spreading your authentication codes across multiple devices that can be lost or stolen. More importantly, since the devices are not really synchronized, you run the risk that they fall out of step with each other.
If you need to disable 2FA for a particular service, for example, and then re-enable it on one device, you may no longer know which device has the most current and correct authentication codes. It is a disaster waiting to happen.
Use Authy to make this easier.
It is possible to synchronize authentication codes across devices. You just can't do it with Google Authenticator. If you want the flexibility of having all your 2FA codes on multiple devices, we recommend Authy.
It works with all sites and services that use Google Authenticator. It encrypts the codes with a password you provide and stores them in the cloud. This makes migrating between multiple devices easier, and the encrypted cloud-based synchronization offers a balance of security and convenience.
With Authy, you don't need to reconfigure two-factor authentication for every service each time you move to a new device. We recommend switching from Google Authenticator to Authy to make migrating to new phones easier in the future.