Bitcoin Forum
November 06, 2024, 03:38:09 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: How to backup Google Authenticator?  (Read 47066 times)
nii236 (OP)
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
May 10, 2013, 02:33:24 PM
 #1

Hello everyone,

I am trying to improve my online security by using 2 factor authentication through Google Authentication. I've set it up for MtGox and BTCT but I am concerned about what will happen if I lose my phone or it gets stolen. I will lose access to absolutely everything! Or I install  a ROM on top of the phone and lose all my data because I forget to backup.

What is a commonly accepted way of backing up one's Google Authenticator database? Ideally it would be a single file that I can load back into Google Authenticator or something that will be stored offline somewhere (putting it in cloud storage might not make sense in this case).

Thanks in advance.
Endgame
Sr. Member
****
Offline Offline

Activity: 412
Merit: 250



View Profile
May 10, 2013, 02:37:08 PM
 #2

Just create some backup codes and store them in a safe place, then if you lose your phone you can simply log in with backup code and turn off 2 factor. See here for instructions: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1187538
nii236 (OP)
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
May 10, 2013, 04:03:24 PM
 #3

Yes, but that is only for Google accounts. What about MtGox and BTCT and others?
Jasmin68k
Newbie
*
Offline Offline

Activity: 46
Merit: 0


View Profile
May 10, 2013, 04:18:53 PM
 #4

Whenever you register for 2FA you get something called "secret key" or "shared secret" etc.

That is what you need to take a backup of.

Without your phone this secret key can be put into a variety of different apps/scripts etc. to generate the OTP just like your phone would have done it.

One example of such a simple authenticator would be this one: https://github.com/mclamp/JAuth

nii236 (OP)
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
May 10, 2013, 04:29:15 PM
 #5

Thanks. So the QR code that I scan is the backup itself? Good to know. However you can't copy the MtGox one for some reason. I'll have to take a screenshot or something.
Jasmin68k
Newbie
*
Offline Offline

Activity: 46
Merit: 0


View Profile
May 10, 2013, 04:41:31 PM
 #6

TBH I don't know what different websites put into their QR codes, probably depends on the website.

With MtGox what you need to make a backup of (copy/paste, screenshot etc.) is called "Secure Private Key".

If you use the authenticator I used as an example above, you can then generate the OTP with "java -jar JAuth.jar -secret=YOURSECUREPRIVATEKEY".

For other websites and/or authenticator apps it's basically the same procedure. So in essence you don't need a phone at all, if you don't want to use one.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
May 10, 2013, 04:44:34 PM
 #7

The QR code contains the shared secret (which is what synchronizes the codes on your smartphone and the site's backend server.  Same shared secret + same time means both you and site generate the same code in sync.   The shared secret is simply a number.  The QR code also contains some less important information like "display name".

So if you have a backup of the QR code you use it to "setup" another smartphone

1) When you setup 2FA before you scan the QR code print it out.  
2) Instead of scanning the QR code on screen scan the printout (this verifies the printout was correct, no printing errors rending it unreadable).  
3) Complete the 2FA setup.
4) Now just label the printout.
5) Store the all your labeled google authenticator QR codes in a safe place (like fireproof safe or safety deposit box).
trigeek
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


View Profile WWW
May 10, 2013, 05:00:27 PM
 #8

Hello everyone,

I am trying to improve my online security by using 2 factor authentication through Google Authentication. I've set it up for MtGox and BTCT but I am concerned about what will happen if I lose my phone or it gets stolen. I will lose access to absolutely everything! Or I install  a ROM on top of the phone and lose all my data because I forget to backup.

What is a commonly accepted way of backing up one's Google Authenticator database? Ideally it would be a single file that I can load back into Google Authenticator or something that will be stored offline somewhere (putting it in cloud storage might not make sense in this case).

Thanks in advance.

You can use titanium backup free to back up the data for the google authenticator android app to your sd card.  be careful with the backup though- it's best to store it somewhere else password protected vs. on your phone.

# HashStrike $ Mining Pools -- Ruby -- Karma -- Mint -- Leaf -- Zeit -- Syn
** Low Fees ** Awesome support ** Super stable **

Lohoris
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500


Bitgoblin


View Profile
May 10, 2013, 05:18:21 PM
 #9

You can use titanium backup free to back up the data for the google authenticator android app to your sd card.  be careful with the backup though- it's best to store it somewhere else password protected vs. on your phone.
Will only work if his phone is rooted.

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
May 10, 2013, 08:08:41 PM
 #10

You can also not only backup the code, but as well as run google authenticator on your windows pc.

http://code.google.com/p/gauth4win/downloads/list
glon
Full Member
***
Offline Offline

Activity: 181
Merit: 100


View Profile
August 21, 2013, 11:31:57 PM
 #11

The QR code contains the shared secret (which is what synchronizes the codes on your smartphone and the site's backend server.  Same shared secret + same time means both you and site generate the same code in sync.   The shared secret is simply a number.  The QR code also contains some less important information like "display name".

So if you have a backup of the QR code you use it to "setup" another smartphone

1) When you setup 2FA before you scan the QR code print it out.  
2) Instead of scanning the QR code on screen scan the printout (this verifies the printout was correct, no printing errors rending it unreadable).  

3) Complete the 2FA setup.
4) Now just label the printout.
5) Store the all your labeled google authenticator QR codes in a safe place (like fireproof safe or safety deposit box).

Hi, what if I've already completed point 3 before even thinking about doing 1/2? Thanks!
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
August 21, 2013, 11:43:57 PM
 #12

@glon Well depending on the site you may have options.
If the site still shows the authenticator code you can print it after the fact.
If the site allows you to change the authenticator code you could change it and in doing so completing the steps above.
If the site allows you to disable the authenticator code then do so and then enable it completing steps above.
If the sties doesn't allow you to change, disable, or show you the authenticator code you probably will need to request the admin remove authenticator from your account.

01BTC10
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 503



View Profile
August 21, 2013, 11:51:03 PM
 #13

You can also not only backup the code, but as well as run google authenticator on your windows pc.

http://code.google.com/p/gauth4win/downloads/list
Won't this defeat the purpose to have 2FA in the first place?
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
August 21, 2013, 11:52:15 PM
 #14

You can also not only backup the code, but as well as run google authenticator on your windows pc.

http://code.google.com/p/gauth4win/downloads/list
Won't this defeat the purpose to have 2FA in the first place?

Yes unless what he means is a dedicated offline machine used for nothing but generating the authentication codes.
jago25_98
Hero Member
*****
Offline Offline

Activity: 900
Merit: 1000


Crypto Geek


View Profile WWW
September 04, 2013, 05:12:56 AM
 #15

You often aren't given the secret key to copy and paste so a common way is to screenshot that qrcode or take a photo. The thing is, you have to remember to do this on logon and you're punching an unencrypted backup through the system.

The whole thing is a disaster waiting to happen. It got me when my phone got stolen and it's caught many others out too. There should be an encrypted backup solution for Google Authenticator. It's just because it's intended for use with Google and usually gmail - there you have all the backup options - paper codes, phone, SMS.

Using Google Authenticator for third party things is fine but really I think gox and all these sites should tell people they should backup and print or backup and encrypt the qrcode.

Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
gambitv
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
September 04, 2013, 03:39:40 PM
 #16

Thank you for this valuable post. I have just reset all my authenticator settings and now have a nice stack of printouts to put away in a safe.

The stock market today is a war zone, where algobots fight each other over pennies, millions of times a second.
capoeira
Legendary
*
Offline Offline

Activity: 2413
Merit: 1003



View Profile
September 04, 2013, 04:51:33 PM
 #17

You can also not only backup the code, but as well as run google authenticator on your windows pc.

http://code.google.com/p/gauth4win/downloads/list
Won't this defeat the purpose to have 2FA in the first place?

Yes unless what he means is a dedicated offline machine used for nothing but generating the authentication codes.


why is that? if you get hacked you are lost anyways (shouldn't run Windows at all).
2FA is to protect you against password hacks

glon
Full Member
***
Offline Offline

Activity: 181
Merit: 100


View Profile
September 04, 2013, 10:58:22 PM
 #18

You often aren't given the secret key to copy and paste so a common way is to screenshot that qrcode or take a photo. The thing is, you have to remember to do this on logon and you're punching an unencrypted backup through the system.

The whole thing is a disaster waiting to happen. It got me when my phone got stolen and it's caught many others out too. There should be an encrypted backup solution for Google Authenticator. It's just because it's intended for use with Google and usually gmail - there you have all the backup options - paper codes, phone, SMS.

Using Google Authenticator for third party things is fine but really I think gox and all these sites should tell people they should backup and print or backup and encrypt the qrcode.

And wouldn't you know it Google has just updated their Authenticator iphone app and all my tokens are gone after the update. WTF?HuhHuhHuhHuhHuhHuhHuhHuhHuh

Anyone else?
capoeira
Legendary
*
Offline Offline

Activity: 2413
Merit: 1003



View Profile
September 04, 2013, 11:22:34 PM
 #19

You often aren't given the secret key to copy and paste so a common way is to screenshot that qrcode or take a photo. The thing is, you have to remember to do this on logon and you're punching an unencrypted backup through the system.

The whole thing is a disaster waiting to happen. It got me when my phone got stolen and it's caught many others out too. There should be an encrypted backup solution for Google Authenticator. It's just because it's intended for use with Google and usually gmail - there you have all the backup options - paper codes, phone, SMS.

Using Google Authenticator for third party things is fine but really I think gox and all these sites should tell people they should backup and print or backup and encrypt the qrcode.

And wouldn't you know it Google has just updated their Authenticator iphone app and all my tokens are gone after the update. WTF?HuhHuhHuhHuhHuhHuhHuhHuhHuh

Anyone else?


only afected I-Phone...there is a topic here (with recover manual) search it

glon
Full Member
***
Offline Offline

Activity: 181
Merit: 100


View Profile
September 04, 2013, 11:24:56 PM
 #20

You often aren't given the secret key to copy and paste so a common way is to screenshot that qrcode or take a photo. The thing is, you have to remember to do this on logon and you're punching an unencrypted backup through the system.

The whole thing is a disaster waiting to happen. It got me when my phone got stolen and it's caught many others out too. There should be an encrypted backup solution for Google Authenticator. It's just because it's intended for use with Google and usually gmail - there you have all the backup options - paper codes, phone, SMS.

Using Google Authenticator for third party things is fine but really I think gox and all these sites should tell people they should backup and print or backup and encrypt the qrcode.

And wouldn't you know it Google has just updated their Authenticator iphone app and all my tokens are gone after the update. WTF?HuhHuhHuhHuhHuhHuhHuhHuhHuh

Anyone else?


only afected I-Phone...there is a topic here (with recover manual) search it

Yes I said it's an iphone app issue. Care to make yourself useful and post a link to the topic "with recover manual"?
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!