[SOLVED] Do not upgrade Google Authenticator (iPhone), you will lose keys!

[eltonjock]

Oops, just did...

I hate the red "1" sign on the top right, so I always upgrade everything as soon as it's available.

Just successfully recovered the old version in iTunes. Here is how I did it:

First of first, go to iTunes ASAP, locate your most updated iPhone backup and make a copy before you try any recover trick.

1. delete the new version of authenticator on your iPhone
2. disable auto sync in iTunes
3. Connect your iPhone via USB
4. Click your iPhone, then go to "application" tab
5. On the left side, scroll down, you gonna see the old version of authenticator, install it.

So close...

Ok, so I unfortunately sync'ed my phone since updating the app. The last time my phone was backed up was 2 months ago. My keys were added after the last back-up. Am I screwed?!

[1714119114]

1714119114

[1714119114]

1714119114

[1714119114]

1714119114

[1714119114]

1714119114

[1714119114]

1714119114

[1714119114]

1714119114

[picobit]

Did that and still didn't work. When I deleted the new GA app (or when you delete any app) it asks if you want to delete all the data that comes with it. In order to delete any app you have to say yes, is that why it probably didn't work? I know I've backed up my iPhone within the last few months so it doesn't make sense to me why it's not there.

It should be OK to delete the app's data - it should be restored when restoring from backup.  However, most people have automatic backups enabled, either over WiFi or when you connect the cable.  If a backup has occurred since you upgraded GA it is almost certainly too late.

[leckey]

Thanks for making this known! I almost certainly would have updated. Catastrophe avoided!

[michaelmclees]

Let's assume that one has 2-factor set up for Bitstamp.  At the time it was set up, the QR code used to authenticate was saved and printed out.

Suppose I just throw my phone into a fire, switch carriers, phone numbers, etc..., and download a new Google Authenticator to my new phone.

Now, will my previously saved QR printout work?  Or is there something unique about each Google Authenticator app that should be backed up as well.

[bitcoiner49er]

I thought the secret code/QR code would recover any "lost" google auth issues.

[michaelmclees]

I thought the secret code/QR code would recover any "lost" google auth issues.

So as long as I have a backup of the QR code used to generate a working Google Authenticator token... it really doesn't matter what Google does, I can always get some copy of Authenticator from somewhere at some time and I can simply rescan and log in to Bitstamp or Mt. Gox, or whatever...

Is this a correct assessment?

[picobit]

Let's assume that one has 2-factor set up for Bitstamp.  At the time it was set up, the QR code used to authenticate was saved and printed out.

Suppose I just throw my phone into a fire, switch carriers, phone numbers, etc..., and download a new Google Authenticator to my new phone.

Now, will my previously saved QR printout work?  Or is there something unique about each Google Authenticator app that should be backed up as well.

It should certainly work.  What you have done is what we should all do!  Save the QR code or write down the secret key (around 20 characters, easily done).  That will also save you if you loose the phone.

[andrewsg]

Kill me pls.

[gadman2]

So this is fine on android?

[minimalB]

It's always a good idea to also backup secret key in case something happens to your phone, right?

I have all of them in a text file and zipped with 7z and passphrase.

I was able to restore back to v1 GA, but in case it wouldn't work, i would just enter secret keys again in v2 GA and "life is good" again.

I hope you guys make "GA secret key" backups too.

[HeliKopterBen]

So this is fine on android?

It is working fine for me.  I have the latest version for android 2.49

[michaelmclees]

It's always a good idea to also backup secret key in case something happens to your phone, right?

I have all of them in a text file and zipped with 7z and passphrase.

I was able to restore back to v1 GA, but in case it wouldn't work, i would just enter secret keys again in v2 GA and "life is good" again.

I hope you guys make "GA secret key" backups too.

This is what I was getting at.  If every phone is different and all the GA's out there are different... then it isn't enough to merely backup the QR codes used to generate site specific tokens.  One must also have the token that GA uses in the first place, no?

Where does one find this?

[minter12345]

Ok google have put up a support page here:

https://support.google.com/accounts/answer/3376859

And they suggest restoring from iCloud backup if you back up to it.  I tried the following and it worked for me:

Restore from an iCloud backup
On your iOS device, go to Settings > General > Software Update. If a newer version of iOS is available, follow the onscreen instructions to download and install it.

Update your device to the latest version of iOS to make sure you can restore from a recent backup of another device, such as a lost or broken device.

Go to Settings > General > Reset, then tap “Erase all content and settings.”

In the Setup Assistant, sign in to iCloud, tap “Restore from a Backup,” then choose from a list of your backups in iCloud.

The above was taken from here:

https://support.apple.com/kb/ph12521

Hope this helps!

[Rampion]

I thought the secret code/QR code would recover any "lost" google auth issues.

So as long as I have a backup of the QR code used to generate a working Google Authenticator token... it really doesn't matter what Google does, I can always get some copy of Authenticator from somewhere at some time and I can simply rescan and log in to Bitstamp or Mt. Gox, or whatever...

Is this a correct assessment?

Yes it is. In fact you should have a paper backup (just print the QR code) of ALL your Google Auth tokens.

[darkmule]

I thought the secret code/QR code would recover any "lost" google auth issues.

So as long as I have a backup of the QR code used to generate a working Google Authenticator token... it really doesn't matter what Google does, I can always get some copy of Authenticator from somewhere at some time and I can simply rescan and log in to Bitstamp or Mt. Gox, or whatever...

Is this a correct assessment?

Yes it is. In fact you should have a paper backup (just print the QR code) of ALL your Google Auth tokens.

I guess I should have a Post-It note with all my passwords pasted to my monitor too.

[Ricochet]

I have no clue about pretty much anything this thread is about, but I do have one crucial piece of advice that may help out:

If you've accidentally already synced your phone after updating, check your Recycle Bin (if on Windows).  My experience with iTunes is that if it was syncing a newer version from the phone to the PC, the older version was merely recycled rather than deleted entirely.  Delete the "new" version's *.ipa file from "My Music \ iTunes \ Mobile Applications", restore the old version from the Recycle Bin, and send that version back to the phone.

[darkmule]

Nope.  None of it worked.  Even after deleting and doing an app-specific restore, installing the old version of GA, the keys are still gone, apparently irretrievably.  The whole fucking point of 2-factor is to keep the other factor solely on one physical object.  I'd be a lot more pissed if I had real money involved.  Google shouldn't just do shit they apparently have no fucking clue how to do correctly.

[CurbsideProphet]

Titanium Backup.  Android not affected.

[Rampion]

I thought the secret code/QR code would recover any "lost" google auth issues.

So as long as I have a backup of the QR code used to generate a working Google Authenticator token... it really doesn't matter what Google does, I can always get some copy of Authenticator from somewhere at some time and I can simply rescan and log in to Bitstamp or Mt. Gox, or whatever...

Is this a correct assessment?

Yes it is. In fact you should have a paper backup (just print the QR code) of ALL your Google Auth tokens.

I guess I should have a Post-It note with all my passwords pasted to my monitor too.

What will you do in case you lose your phone? A paper backup for the Google Auth tokens is mandatory - you obviously do not stick it to your monitor, you store it in a secure place. If you are extra paranoid, you store it GPG-encrypted.

our phone can get lost, it can brick because of a failed update, etc. - Using Google Auth without a backup of the security token is plain and simply retarded. Your phone can get lost, it can brick because of a failed update, etc.

[phorensic]

This happened to me also.  I was using Google Authenticator with an exchange.  I upgraded to a new phone knowing that it would reinstall and import the setup for the keygen for the exchange.  I wiped my old phone and sent it off for recycling.  New phone came, set it up, and Google Authenticator did not reinstall.  When I reinstalled it, it did not transfer the config for the exchange.  So I tried a manual sync with my Google account.  No luck, gone forever.  Took me 2 weeks to get back into that exchange.  Fuck you Google Authenticator.