3

If someone is using their phone with Authy or Google Authenticator and they lose their phone, can they log on to Google or Authy via another device in order to get an authentication token?

Joe
Ole

3 Answers

3

Authy developer evangelist here.

First up, you can set up Authy to back up your 2FA codes. The codes are encrypted with a password that only you know and uploaded to our cloud.

You can also install and authenticate Authy on multiple devices including your desktop. So if you lose your main device you can use a different device to continue to authenticate while you retrieve your main phone.

philnash
  • So it looks like all you need to do is hit the enable backups switch and then provide a password and Authy does the rest, correct? – Ole Nov 14 '17 at 00:36
2

Open https://www.google.com/accounts/SmsAuthConfig, then under Authenticator app select change phone.

You must scan the barcode to change your authentication mobile.

1

So there are a few things you can do here:

  1. Save the QR code / Secret Code at setup.

When you set up Google Authenticator it always generates the QR code (and Secret code) that you scan to add the entry to your app. The best practice is to actually save the QR code (take a screenshot) and save that somewhere in your password manager or somewhere safe so that if you lose your phone you can add the account again on a new device. I go one step further and actually take a screenshot of the QR and also click on "I cant scan" and then I also save the initial setup code.

  2. Generate and save the Backup codes.

Google Authenticator on most platforms allows you to set up some backup codes. You can set these up and save them; if you then do not have your phone, you can use these backup codes to log in and then re-setup Google Authenticator on your new devices.

  3. Use a Two Factor app that actually syncs to the Cloud.

I personally like to use Authenticator + (links below) - you can set this up to sync an encrypted database of all your entries to many different cloud services like Dropbox, Google Drive etc. If you then move to a new phone you simply download the app, install Dropbox and set up the sync once again to sync with your old database.

https://itunes.apple.com/sg/app/authenticator-plus/id963496421?mt=8
https://play.google.com/store/apps/details?id=com.mufri.authenticatorplus&hl=en

Dieskim
  • Genius - Thanks! – Ole Nov 08 '17 at 03:11
  • No problem, glad to help – Dieskim Nov 08 '17 at 04:01
  • Re 1: Beware that the QR code can expire, so storing them may not help. E.g. if they are generated by Twilio Authy, they are only valid for 24 hours: https://www.twilio.com/docs/authy/api/one-time-passwords#authenticator-app-generated-time-based-one-time-passwords 2. Google Authenticator doesn't seem to provide backup codes by itself. You can only get backup codes for specific 3rd party accounts (like Amazon, or your Google account), or transfer to another Authenticator app via QR code. https://security.stackexchange.com/questions/167563/where-to-find-google-authenticator-backup-codes – antoine Aug 05 '20 at 18:17