2FA Google authentication

[NeuroticFish]

Google Authenticator now allows users to create and download a backup of their codes. Were you able to import this backup into Aegis or did you add the 2FA codes manually? Also, can Aegis be used all over the place same as Google Authenticator or does it come with some limitations? I am considering using Aegis myself, so it might be good to know. 

I am almost certain that back then Google Authenticator didn't have any kind of export/backup (I am surprised it has now!); however, I've imported them manually.
I am not sure what you mean by limitations for Aegis. It's an Android (5+) application and I think that's the only platform it was made for (at least until now). So it cannot be used "all over the place". (But that doesn't affect me, really).
The only thing I've missed in Aegis (and it happened only once) was the time sync Google Authenticator used to offer.

[1714859859]

1714859859

[1714859859]

1714859859

[1714859859]

1714859859

[1714859859]

1714859859

[1714859859]

1714859859

[1714859859]

1714859859

[cabron]

About google having our code is just something to also worry but just in case you can't sleep about it, don't store millions to your account. Send them to your personal wallet.

Google Authenticator now allows users to create and download a backup of their codes. Were you able to import this backup into Aegis or did you add the 2FA codes manually? Also, can Aegis be used all over the place same as Google Authenticator or does it come with some limitations? I am considering using Aegis myself, so it might be good to know. 

I am almost certain that back then Google Authenticator didn't have any kind of export/backup (I am surprised it has now!); however, I've imported them manually.
I am not sure what you mean by limitations for Aegis. It's an Android (5+) application and I think that's the only platform it was made for (at least until now). So it cannot be used "all over the place". (But that doesn't affect me, really).
The only thing I've missed in Aegis (and it happened only once) was the time sync Google Authenticator used to offer.

I didn't do this 2 years ago and when I lost my phone, I have to submit a ticket to binance and perform the KYC again which they end up wanting me to blink on the camera and the documents needed.  It's better to just have it backed up manually and then whenever you lost your phone, you can just scan the code again.

[Pmalek]

I am almost certain that back then Google Authenticator didn't have any kind of export/backup (I am surprised it has now!); however, I've imported them manually.

You can now export all your codes but in an unencrypted format if I remember correctly.

I am not sure what you mean by limitations for Aegis.

Can you use it on every exchange that accepts Google Authenticator, for example. Or are there certain exchanges where Aegis can't be used, and you have to use an alternative?
 

The only thing I've missed in Aegis (and it happened only once) was the time sync Google Authenticator used to offer.

Sorry, what is the time sync

[NeuroticFish]

You can now export all your codes but in an unencrypted format if I remember correctly.

Nice, but late. I won't go back  

Can you use it on every exchange that accepts Google Authenticator, for example. Or are there certain exchanges where Aegis can't be used, and you have to use an alternative?

I have 29 2FA services in my Aegis, I didn't encounter any issues.
Basically from one seed (text or qr) and current time some calculation is made and a number is shown. It's not rocket science and I see no reason to implement it (slightly) different.
And having so many services supported (OK, I no longer actually use 3/4 of them), I think it's a good test it's fine.
 

Sorry, what is the time sync

I had a couple times in the past this issue. As I wrote, the result is based on the current time. If the time is off (on my phone or on the target web service) the result/number will not be accepted.
It happened to me especially when I traveled abroad and back, I don't know of other things that triggered this. However, Google Auth had (has!) "Time correction for codes", which I think it's some sort of time sync with an atomic clock. After such a sync the codes were accepted again.
Aegis, afaik, doesn't have this.
Of course, one needs it seldom and can sync the phone's time by hand to atomic clock or install Google Auth shortly just for that. (I still have it installed for that sole reason, with only one dummy 2FA in it).

[HCP]

Google Authenticator now allows users to create and download a backup of their codes. Were you able to import this backup into Aegis or did you add the 2FA codes manually?

That's not quite correct... GA now allows you to create a single "QR Code" on screen that you're supposed to scan with Google Authenticator on a "new" device and it will import all your codes for you... but there is no option to "save" that QR code and screenshot is disabled within the app. As far as I can tell, the idea is that you go directly from GA on Device 1 to "authenticator app" on Device 2 etc... Aegis does seem to be able to read and import this single QR Code tho.

Also, can Aegis be used all over the place same as Google Authenticator or does it come with some limitations? I am considering using Aegis myself, so it might be good to know. 

I have not found any GA code that is not compatible with Aegis... again, the only issue I've had is the occasional "time sync" error, where it won't accept the code, but doing the sync in GA seems to fix that issue.

[Pmalek]

That's not quite correct... GA now allows you to create a single "QR Code" on screen that you're supposed to scan with Google Authenticator on a "new" device and it will import all your codes for you... but there is no option to "save" that QR code and screenshot is disabled within the app. As far as I can tell, the idea is that you go directly from GA on Device 1 to "authenticator app" on Device 2 etc... Aegis does seem to be able to read and import this single QR Code tho.

Great, thanks for clarifying that. I have never tested their latest "backup" method, I guess I memorized it wrongly. The method you described is safer than having to save a unique unencrypted file that some users would surely end up losing, misplacing, or leaking to third parties. From your and NeuroticFish's answer I can conclude that you are both using multiple 2FA apps. Is it possible to have authentication codes of the same site across two or more 2FA apps at the same time? 

[HCP]

Is it possible to have authentication codes of the same site across two or more 2FA apps at the same time?

Yes, it is... I have Google Authenticator, Authenticator Plus and Aegis installed and running... I have the codes for several sites in either 2 or all three of the apps without any issues.

NOTE: I mainly use Aegis these days... the other 2 are "leftovers" I stopped using Authenticator Plus because it stopped getting updates (last update Dec 2018).

[bob123]

Google Authenticator now allows users to create and download a backup of their codes. Were you able to import this backup into Aegis or did you add the 2FA codes manually?

That's not quite correct... GA now allows you to create a single "QR Code" on screen that you're supposed to scan with Google Authenticator on a "new" device and it will import all your codes for you... but there is no option to "save" that QR code and screenshot is disabled within the app.

This exact QR can still be used as a backup.
While the application does not allow screenshots to be taken, other applications which have the permission to add an overlay over other apps, still can save that QR, so it can act as a form of backup.

Then, whenever needed, a scan with GA or other authenticator apps who support the format, will restore the saved seeds.

[BITDV]

Hi tech guys,
Please help me with my question concerning 2FA. Do you think it's essential security measure, does it work very well? Then Google will have my security code, right?
I'm just afraid to do smth wrong like lose password or QR-code or smth and lose my crypto.

Google 2FA work very well to secure access to your private area. Actually we can not know google will have your security code or not, because ethically Google shouldn't have it.

I've forgotten / lost google 2FA on an exchange, and resetting old data is quite difficult. Those exchange can not send me backup my last security code but they can delete my last 2FA configuration. I really sure that every platform have diffrent rules about this.

It's better to have and organize your backup key

[NotATether]

Please help me with my question concerning 2FA. Do you think it's essential security measure, does it work very well? Then Google will have my security code, right?
I'm just afraid to do smth wrong like lose password or QR-code or smth and lose my crypto.

No, Google should not have your security code.

This is not correct. Authenticator codes are a function of the secret key and the current time, so the only way for Google to make the same code as the one you typed in Authenticator for verification purposes is if they also have the secret key. And they do, for precisely this reason. It's the only way to verify if the code you typed is correct.

That being said, other people should not be able to know the secret key, unless those people saw your screen when the secret key was first shown (because you're supposed to have only one chance to see the secret key to put it in Authenticator - when the login is first created, but then again, a site could violate this important assumption, which would allow any hacker already logged in to the account to get the secret key)

If the site in question is not Google, then of course they don't know your key - the TOTP process doesn't send anything to Google's servers.