Two-factor authentication protects your data. But how do you use it safe? Find out here what the different backup options are.
Table of Contents
What is Two-Factor authentication?
‘Two-Factor authentication’ or ‘2 Factor Authentication’ (2FA), is a term you will see more often online. Especially when you use cryptocurrency exchanges, but also on other websites and with banks. It is an extra verification process to ensure privacy protection of your personal information upon entering your password.
At your bank, you probably already use this in the form of an SMS or a device to safely secure your debit card information. This form of extra security has become really important. Hacks, scams, and data breaches happen almost daily, leaking your password. If you have 2FA enabled on a website or app they hacker won’t be able to access it easily.
Criminals are always looking for ways to access your account, but with the 2FA, you can make it very difficult for them!
Google Authenticator is the most widely used 2FA mobile app in the cryptocurrency world. Every good website, app, exchange and wallet will encourage you to set up 2FA when registering an account. You protect your account from access by third parties, which is also in their interest. It prevents support tickets, reputational damage, and the loss of customers or investors.
If someone knows your email address and password, they will be able to access your personal information including your bank account. When 2FA is activated, that person also needs physical access to your phone to be able to log in. If a website accepts 2FA, it is advisable to use it as well. Google Authenticator is a widely used application to use for 2FA, but there are also other solutions.Protecting multiple accounts is no problem at all. The app is available for iOS (iPhone) and Android devices.
This is an example of the Google Authenticator, which generates the 2FA codes:
Source: Google Play Store
How to activate 2FA using Google Authenticator?
When you turn on 2FA on a website, a QR-code is displayed to scan with the Google Authenticator app. Usually there is also a code to enter manually on your phone as an alternative method. If you enter the response code in the app on the website, 2FA is activated.
Here is an example:
My phone is broken… now what?
The biggest disadvantage of the Google Authenticator is that it doesn’t have a backup function. Not in the app itself, nor on your Gmail account. This is without a doubt a conscious decision by Google, but it can be a serious problem if your mobile phone is broken or lost. The iPhone makes it easy to restore an iCloud backup to a new phone. However, you will find out that the Google Authenticator app is empty.
You will no longer have access to all the sites where you have activated 2FA. You will then have to prove your identity per website via their support to reactivate your Google Authenticator. With crypto exchanges, it can sometimes take weeks!
What are the Google Authenticator backup options?
Before you finally activate 2FA by entering the response code, it is important to make a backup of the QR code and/or the written secret code. How to backup Google Authenticator in case you lose your smartphone or when you bought a new phone? Here are the four backup options with their advantages and disadvantages.
Make a screenshot of the QR code together with the written code (if shown). With a new phone, you can rescan or re-enter the code to gain back access.
Making a screenshot on Windows can be done with the ‘print screen’ button on your keyboard in order to paste it in Microsoft Paint (mspaint.exe) or otherwise with the snipping tool, which can be found in the start menu.
Making a screenshot on Apple (MacOS) can be done by pressing COMMAND+SHIFT+3 for a full-screen screenshot or with COMMAND+SHIFT+4 for selection. The files are usually stored on your desktop with a file name like ‘Screenshot + date.PNG’.
Advantage: it is easy and quick.
Disadvantage: the secret code is stored on your computer, where a hacker or a virus could find it.
Tip: move the files to a USB stick.
Print the page where the QR code and the written code are displayed. Scan the QR code from the paper to test if it works. Also keep it in a safe and dry place.
Advantage: the secret code is no longer present on the computer, which solves the disadvantage of option 1.
Disadvantage: you do need a printer. Fewer and fewer people own one these days. In addition, you must store the printed page on a secure and dry place to prevent unauthorized people from gaining access to it and to make sure it remains readable.
#3 Extra mobile phone
Do you still have a second mobile phone at your disposal? For example one from your work, your partner’s, or an old one lying around? Then you can also use that mobile phone to scan the QR code or enter it manually.
Advantage: you are back up-and-running quickly. And it is very practical if you want to log in. Just take one of the mobile phones that is nearby!
Disadvantage: if you often have both phones together, they can be stolen together or broken due to a calamity.
#4 Write it down
Write the code down the good old-fashioned way with pen and paper!
Advantage: you don’t need a printer or a second mobile phone and it’s 100% secure. Tip: double-check whether you have written the code down correctly and make sure you can read your own handwriting!
Disadvantage: some websites only display the QR code. You cannot write those down. Fortunately, more and more websites show both versions: QR & secret code.
Activated 2FA, but forgot to backup or lost it?
If the 2FA with the Google Authenticator is completely set up on a website, you will need to re-activate it in order to make a backup. Usually a website does have the possibility to turn off the 2FA. This will only be possible if you still have access to the mobile that is connected to.
When you turn it off, you will be asked for the code generated on your mobile, just like when you log in. After this, you can re-activate it and make the backup using the options mentioned above.
Transfer Google Authenticator to a new phone (Android only)
For Android users there is a new method to transfer all your 2FA codes to a new phone.
This is a great and convenient feature that will save you a lot of time, because it will transfer all your codes all at once.
Before this feature was released, the only option is to manually add each code on your new phone.That is either done by scanning the QR-code you saved when creating a screenshot or typing in the written code, which is very frustrating if you have a lot of codes.
How does it work? The app can generate a special QR-code that will contain all the 2FA backup codes you choose to transfer. Once you scan this QR-code on the new Android phone the codes will be moved over.
Step-by-step guide (Android)
First download the Google Authenticator app on your new phone.
Open the Google Authenticator app on your old phone.
Go to the settings, which usually looks like 3 dots or 3 lines (aka hamburger).
Choose the option ‘Transfer accounts’ (see screenshot below).
Select the option ‘Export accounts’
You might be asked to verify it’s you by entering your phone’s pincode or fingerprint.
Now select the accounts you want to transfer and tap ‘next’.
On your new phone go to settings like in step 3 and choose ‘Import accounts’.
Finally scan the QR code on your old phone and the selected codes will be transferred.
Source: Google Authenticator App
Accounts exported warning
You might see a notification on your old phone saying ‘Accounts were recently exported’.This is to warn you that this happened, because if you did not do it yourself somebody now has all your codes!
Although they still need your password for each website or app to access it, you need to take action. The best approach is to change your password and resetting the 2FA everywhere.
Transfer Google Authenticator to a new iPhone
Warning: the following instruction will only transfer the token of your Google account. This method also works on Android phones.
It is rather easy to move your Google Authenticator to another phone via their website.
For all the other accounts you will need to go to the process of disabling and re-enabling the 2FA again.
Jonas Splinter is an IT professional with a broad interest in computers and the internet since his childhood. In recent years, he became fascinated with blockchain technology. Although it’s not suitable for everything, he believes it will change the world.