Nat Taylor
Blog, Product Management & Tinkering

Backing Up Google Authenticator


It’s a best practice to secure your accounts with multi-factor authentication for extra protection in case of a password leak, or something. Time-based one-time passwords (TOTP) are a common approach, and Google Authenticator is a very common TOTP app, but it does not allow backups natively, and you may need one in case you lose your phone, or something. Here’s how to make a backup anyway:

  1. Go to ⠇ > Transfer Accounts > Export Accounts and literally take a picture of the QR code (since screenshots aren’t allowed). This will contain all the info you need, in an encoded form of URIs like this: otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example (more info here)
  2. Decode the QR codes. I choose to brew install zbar pngpaste, then alias qrpaste='zbarimg -q --raw <(pngpaste -)', and take screenshots of the pictures I took with Photo Booth.
  3. Get https://github.com/dim13/otpauth (Note: on macOS you may need to xattr -d com.apple.quarantine otpauth)
  4. Pass the decoded strings from step 2 into otpauth (e.g. ./otpauth -link "otpauth-migration://offline?data=stuffhere")
  5. Now you’ll have URIs that you can back up and use.

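It’s a good idea to encrypt these! Each URI carries the account’s secret key in plain text, so anyone who can read one can generate your codes; the same goes for the photos and screenshots from steps 1 and 2.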
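
To see what step 4 actually unpacks, here is an added example (not code from the original post or from dim13/otpauth) that decodes an otpauth-migration link into otpauth:// URIs using only the Python standard library. The protobuf field and enum numbers are an assumption based on the commonly published reverse-engineered layout of this payload, and the function names are hypothetical.

```python
import base64
from urllib.parse import parse_qs, quote, urlparse

# Field/enum numbers: commonly published reverse-engineered layout (an assumption).
ALGS, DIGITS, TYPES = {2: "SHA256", 3: "SHA512", 4: "MD5"}, {2: 8}, {1: "hotp"}

def _varint(buf, i):
    """Decode one protobuf varint at buf[i]; return (value, next index)."""
    value = shift = 0
    while True:
        value |= (buf[i] & 0x7F) << shift
        shift += 7
        i += 1
        if not buf[i - 1] & 0x80:
            return value, i

def _fields(buf):
    """Yield (field number, value); only varint and bytes fields are expected."""
    i = 0
    while i < len(buf):
        key, i = _varint(buf, i)
        if key & 7 not in (0, 2):
            raise ValueError("unexpected wire type")
        val, i = _varint(buf, i)  # the value itself, or a byte length
        if key & 7 == 2:
            if i + val > len(buf):
                raise ValueError("truncated payload (partial QR decode?)")
            val, i = buf[i:i + val], i + val
        yield key >> 3, val

def migration_to_uris(link):
    """Turn one otpauth-migration:// link into a list of otpauth:// URIs."""
    url = urlparse(link)
    if url.scheme != "otpauth-migration":
        raise ValueError("not an otpauth-migration link")
    data = parse_qs(url.query)["data"][0].replace(" ", "+")  # raw '+' parses as space
    payload = base64.b64decode(data + "=" * (-len(data) % 4))
    uris = []
    for num, entry in _fields(payload):
        if num == 1:  # fields 2 and up are version/batch bookkeeping
            p = dict(_fields(entry))  # 1=secret 2=name 3=issuer 4=alg 5=digits 6=type
            kind = TYPES.get(p.get(6), "totp")
            secret = base64.b32encode(p[1]).decode().rstrip("=")  # raw key bytes
            name, issuer = quote(p.get(2, b""), safe=":@"), quote(p.get(3, b""))
            uris.append(f"otpauth://{kind}/{name}?secret={secret}&issuer={issuer}"
                        f"&algorithm={ALGS.get(p.get(4), 'SHA1')}&digits={DIGITS.get(p.get(5), 6)}"
                        + (f"&counter={p.get(7, 0)}" if kind == "hotp" else ""))
    return uris
```

Call migration_to_uris() once per string decoded in step 2. The secret sits in the payload as raw bytes with no encryption, which is why the output and the QR photos both need protecting.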
