Google Authenticator provides a neat way to use 2-Factor Authentication (2FA). But it has a massive downside that is mostly ignored.
If you lose/reset/replace your phone (which is normally your primary 2FA device) then you’re completely screwed.
Why? Because all your two-factor authentication codes are gone, never to be seen again.
The huge effort in recovering from this sort of mini-disaster makes me cry.
But don’t worry, we have found the solution to this, one that will end all your Google Authenticator woes. 😀
You have a two-factor authentication disaster just waiting to happen
Google Authenticator works by using an App (of the same name) on your phone. You scan the QR codes and it saves the 2FA account on your phone.
There is no easy way to move this App off your phone to anywhere else. In fact, you can’t even export these codes.
You’re pretty much stuck.
If this phone, or even just the Google Authenticator app, disappears, you’re going to get burnt so badly that you’ll never want to use 2FA ever again.
Which is a huge pity, as it’s a great security layer.
So what are your options? We’ve experimented with a few different approaches because we’ve also been burnt in the past. But we found only one way to solve this problem once and for all.
Enter: Authy App, with Google Authenticator integration
Authy is a fully-fledged two-factor authentication service. But don’t get this confused with Google Authenticator. They’re completely different.
What I’m referring to specifically is the Authy App. You see, the Authy App also handles Google Authenticator 2FA code registration. This means that instead of using the official Google app, you’ll now use the Authy App instead.
But isn’t the problem of losing your phone exactly the same?
No. Because with an Authy account you can now back up your Google Authenticator codes off your phone (to your Authy account via the app).
Oh yes, you read that right. You now have Google Authenticator backups! 😀
What happens if you lose/reset your phone? You just download the Authy App and retrieve your Google Authenticator codes from their backup.
It’s really as easy as that!
You must replace your existing Google Authenticator codes
All those codes you currently have running on the original Google Authenticator app will have to be transferred to your new Authy app.
You can’t transfer them directly, so it’s more of a “turn it off and on again” process. These are the basic steps:
For every Google Authenticator account you have:
- Go to the original service for the account and remove Google Authenticator 2FA.
- Re-enable Google Authenticator for that account.
- Use the Authy App instead of the Google Authenticator app to register the account.
It might be a bit tedious, but if you’ve already experienced the pain that comes with losing your GA codes, then you’ll agree some tedium is a cheap price to pay for the huge upside.
Thoughts or Questions?
Pretty useful, right? The reality is that we wouldn’t use Google Authenticator without this backup option. The cost in time and resources each time a phone is replaced is huge, and for some reason this restriction is being completely overlooked by anyone who uses or recommends it.
Please share this and get the word out – there nearly always is a better way to do things. We hope this helped you!