Hi HN,<p>Today I opened Google Authenticator and found all of my codes were gone. Naturally I neglected to back them up, and I'm permanently locked out of some of my accounts. You know what they say about being dumb, Disaster Usually Motivates Backups.<p>I assume this was triggered by an automatic update of the app, so I wanted to warn people who might get burned by the same issue.
Unfortunately related: <i>Tell HN: 2FA code for Google account gone after Google Authenticator update</i> <a href="https://news.ycombinator.com/item?id=42510300">https://news.ycombinator.com/item?id=42510300</a>
I use Authenticator Pro on Android. It offers backup and it's own encryption password --- not the same as the Android phone access key. Every authenticator app should do this in my opinion.<p><a href="https://github.com/ispwd/AuthenticatorPro" rel="nofollow">https://github.com/ispwd/AuthenticatorPro</a><p>In addition to this app, I keep all my passwords in a text file encrypted with AES256. And yes, my secret tokens used for 2FA are included in this file --- not the best but very convenient as I only have one file to backup.<p>I wrote my own simple Windows command line utility to decrypt this file in memory, search for an identifying string, retrieve the secret token and generate 2FA time based codes as needed.<p>As a backup to my phone, I keep this small utility and my password file (along with other crucial documents) on a micro-SD card which is further encrypted by BitLocker. This is attached to my watch strap which goes everywhere with me --- even the shower. The data is as safe as I am, if not safer.<p><a href="https://www.thingiverse.com/thing:6784665" rel="nofollow">https://www.thingiverse.com/thing:6784665</a>
Use a cloud sync solution like 1Password or Bitwarden. That way all your 2FA is in the cloud and available on all your devices.<p>It is less secure but way more convenient.
If you're starting over, use Bitwarden Authenticator:<p><a href="https://bitwarden.com/products/authenticator/" rel="nofollow">https://bitwarden.com/products/authenticator/</a><p>Supports import & export, which is something Authy -- what I used to recommend instead of Google Authenticator -- does <i>NOT</i> support.
I personally use Authy, free, without cloud sync. When I upgrade my iphone (typically every year) all codes are in the new phone. As easy as it should be.<p>Does anyone know what other apps “survive” phone upgrade, maybe not just iphone but android too?
With Ente Auth it's possible to export 2FA to textfile.<p>Then it's possible to import it at numberstation at Linux, and some 2FA apps at Ubuntu Touch.<p>For passwords, keepassxc reboot.