Backing Up Google Authenticator
It’s a best practice to secure your accounts with multi-factor authentication for extra protection in the case of a password leak, or something. Time-based one-time passwords (TOTP) are a common approach, and Google Authenticator is very common, but it does not allow backups natively, which you may need in case you lose your phone, or something. Here’s how:
- Go to ⠇>Transfer Accounts > Export Accounts and literally take a picture of the QR code (since screenshots aren’t allowed.) This will contain all the info you need, in an encoded form of URIs like this otpauth://totp/Example:email@example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example (more info here)
- Decode the QR codes. I choose to
brew install zbar pngpastethen
alias qrpaste='zbarimg -q --raw <(pngpaste -)'and take screenshots of the pictures I took with Photo Booth
- Get https://github.com/dim13/otpauth (Note: on MacOS you make need to
xattr -d com.apple.quarantine otpauth)
- Pass the decoded strings from step 2 into optauth (e.g.
./otpauth -link "otpauth-migration://offline?data=stuffhere")
- Now you’ll have URIs that you can backup and use.
It’s a good idea to encrypt these!