Nat TaylorBlog, Product Management & Tinkering

Backing Up Google Authenticator

Published on . Updated on

It’s a best practice to secure your accounts with multi-factor authentication for extra protection in the case of a password leak, or something. Time-based one-time passwords (TOTP) are a common approach, and Google Authenticator is very common, but it does not allow backups natively, which you may need in case you lose your phone, or something. Here’s how:

  1. Go to ⠇>Transfer Accounts > Export Accounts and literally take a picture of the QR code (since screenshots aren’t allowed.) This will contain all the info you need, in an encoded form of URIs like this otpauth://totp/ (more info here)
  2. Decode the QR codes. I choose to brew install zbar pngpaste then alias qrpaste='zbarimg -q --raw <(pngpaste -)' and take screenshots of the pictures I took with Photo Booth
  3. Get (Note: on MacOS you make need to xattr -d otpauth)
  4. Pass the decoded strings from step 2 into optauth (e.g. ./otpauth -link "otpauth-migration://offline?data=stuffhere")
  5. Now you’ll have URIs that you can backup and use.

It’s a good idea to encrypt these!

Popular Posts

Post Navigation