Tell HN: Google Authenticator lost all of my codes

8 points by maxbond a day ago

Hi HN,

Today I opened Google Authenticator and found all of my codes were gone. Naturally I neglected to back them up, and I'm permanently locked out of some of my accounts. You know what they say about being dumb, Disaster Usually Motivates Backups.

I assume this was triggered by an automatic update of the app, so I wanted to warn people who might get burned by the same issue.

jqpabc123 9 hours ago

I use Authenticator Pro on Android. It offers backup and its own encryption password --- not the same as the Android phone access key. Every authenticator app should do this in my opinion.

https://github.com/ispwd/AuthenticatorPro

In addition to this app, I keep all my passwords in a text file encrypted with AES256. And yes, my secret tokens used for 2FA are included in this file --- not the best but very convenient as I only have one file to back up.

I wrote my own simple Windows command line utility to decrypt this file in memory, search for an identifying string, retrieve the secret token and generate 2FA time based codes as needed.

As a backup to my phone, I keep this small utility and my password file (along with other crucial documents) on a micro-SD card which is further encrypted by BitLocker. This is attached to my watch strap which goes everywhere with me --- even the shower. The data is as safe as I am, if not safer.

https://www.thingiverse.com/thing:6784665
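
An added example, not part of the comment above and not the commenter's utility: the lookup-and-generate step it describes, sketched in Python. It assumes the backup has already been decrypted into text with one `otpauth://` URI per line; the sample entries, `find_entry` and `code_for` are constructed for illustration, and the first secret is the published RFC 6238 test key.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample of an already-decrypted backup: one otpauth:// URI per line.
# The first secret is the RFC 6238 test key ("12345678901234567890" in Base32).
SAMPLE_BACKUP = """\
otpauth://totp/Example:alice@example.com?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8
otpauth://totp/Mail:bob@example.org?secret=JBSWY3DPEHPK3PXP&issuer=Mail
"""

def totp(secret_b32, at=None, digits=6, period=30, algorithm="sha1"):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of elapsed time steps."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))  # restore padding
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros

def find_entry(backup_text, needle):
    """Return the parameters of the first TOTP entry whose label contains needle."""
    for line in backup_text.splitlines():
        url = urlparse(line.strip())
        if url.scheme != "otpauth" or url.netloc != "totp":
            continue  # skip blank lines, notes and non-TOTP entries
        label = unquote(url.path.lstrip("/"))
        query = parse_qs(url.query)
        if needle.lower() not in label.lower() or "secret" not in query:
            continue
        return {
            "label": label,
            "secret": query["secret"][0],
            "digits": int(query.get("digits", ["6"])[0]),
            "period": int(query.get("period", ["30"])[0]),
            "algorithm": query.get("algorithm", ["SHA1"])[0].lower(),
        }
    return None

def code_for(backup_text, needle, at=None):
    """Search the backup for needle and return the code for time `at` (default: now)."""
    entry = find_entry(backup_text, needle)
    if entry is None:
        raise KeyError(f"no TOTP entry matching {needle!r}")
    return totp(entry["secret"], at, entry["digits"], entry["period"], entry["algorithm"])

if __name__ == "__main__":
    print(code_for(SAMPLE_BACKUP, "bob"))  # current 6-digit code for the constructed entry
```

Comparing the output for a real entry against the code shown in the authenticator app is a quick way to confirm that a backup is actually restorable.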

solardev a day ago

Use a cloud sync solution like 1Password or Bitwarden. That way all your 2FA is in the cloud and available on all your devices.

It is less secure but way more convenient.

  • mindwork 18 hours ago

    When your password and the time passcode are stored in the same database, that's literally not 2FA (second factor).

    Rather use apps like Authy or Ente on your phone (something that you have) that could sync.

    • csomar 17 hours ago

      It is less secure than 2FA on a phone but more secure than without (i.e., your password leaking/hacked and the source is not Bitwarden).

  • maxbond a day ago

    The irony is that what appears to be the update which messed me up was to introduce cloud sync.

biglyburrito a day ago

If you're starting over, use Bitwarden Authenticator:

https://bitwarden.com/products/authenticator/

Supports import & export, which is something Authy -- what I used to recommend instead of Google Authenticator -- does NOT support.

  • yarrowy 21 hours ago

    How is that different than Google Authenticator backups?

ecesena a day ago

I personally use Authy, free, without cloud sync. When I upgrade my iPhone (typically every year) all codes are in the new phone. As easy as it should be.

Does anyone know what other apps “survive” phone upgrade, maybe not just iPhone but Android too?

  • hboon 20 hours ago

    What if you lose your phone?

xet7 19 hours ago

With Ente Auth it's possible to export 2FA to a text file.

Then it's possible to import it into Numberstation on Linux, and some 2FA apps on Ubuntu Touch.

For passwords, keepassxc reboot.

sitkack a day ago

Fool me once … It used to not even have a way to back up. Having your auth keys on your phone is not actually a good idea.