Google Authenticator provides a neat way to use 2-Factor Authentication (2FA). But it has a massive downside that is mostly ignored.
If you lose/reset/replace your phone (which is normally your primary 2FA device) then you’re completely screwed.
Why? Because all your two-factor authentication codes are gone, never to be seen again.
The huge effort in recovering from this sort of mini-disaster makes me cry.
But don’t worry, we have found a solution that will end all your Google Authenticator woes. 😀
You have a two-factor authentication disaster just waiting to happen
Google Authenticator works by using an App (of the same name) on your phone. You scan the QR codes and it saves the 2FA account on your phone.
There is no easy way to move the app’s data off your phone to anywhere else. In fact, you can’t even export these codes.
You’re pretty much stuck.
If this phone, or even just the Google Authenticator app, disappears, you’re going to get burnt so badly that you’ll never want to use 2FA again.
Which is a huge pity, as it’s a great security layer.
So what are your options? We’ve experimented with a few different approaches because we’ve also been burnt in the past. But we found only one way to solve this problem once and for all.
Enter: Authy App, with Google Authenticator integration
Authy is a fully-fledged two-factor authentication service. But don’t get this confused with Google Authenticator. They’re completely different.
What I’m referring to specifically is the Authy App. You see, the Authy App also handles Google Authenticator 2FA code registration. This means that instead of using the official Google app, you’ll now use the Authy App instead.
But isn’t the problem of losing your phone exactly the same?
No. Because with an Authy account you can now back up your Google Authenticator codes off your phone (to your Authy account, via the app).
Oh yes, you read that right. You now have Google Authenticator backups! 😀
What happens if you lose/reset your phone? You just download the Authy App and retrieve your Google Authenticator codes from the backup.
It’s really as easy as that!
You must replace your existing Google Authenticator codes
All those codes you currently have running on the original Google Authenticator app will have to be transferred to your new Authy app.
You can’t transfer them directly, so it’s more of a “turn it off and on again” process. These are the basic steps:
For every Google Authenticator account you have:
- Go to the original service for the account and remove Google Authenticator 2FA.
- Re-enable Google Authenticator for that account.
- Use the Authy App instead of the Google Authenticator app to register the account.
It might be a bit tedious, but if you’ve already experienced the pain that comes with losing your GA codes, then you’ll agree some tedium is a cheap price to pay for the huge upside.
Thoughts or Questions?
Pretty useful, right? The reality is that we wouldn’t use Google Authenticator without this backup option. The cost in time and resources each time a phone is replaced is huge, and for some reason this restriction is completely overlooked by those who use or recommend it.
Please share this and get the word out – there is nearly always a better way to do things. We hope this helped you!
WPSF – Excellent plugin
I’ve been using this plugin for a while now. Paul G has been very kind and helped me with all my questions. I’m so trusting of this plugin that I’ve translated it into Finnish too. Every day I check the Audit Trail page and there are always plenty of unwanted visitors…
I am running this plugin on all of my WordPress sites. No problems with the plugin or any security issues within the sites.
One of the best security plugins.
This is a great plugin
Thank you so much Devs for this awesome plugin.