by tybulewicz 2146 days ago
Google Authenticator now allows you to export your keys to another phone.

I keep my keys in analog form - I print a QR code for every service. We know how to handle valuables stored on paper.

6 comments

I do this too. And each time I mention my hard copies I also have to explain there are actually 3 copies, physically isolated, etc. Hope you're doing the same.
hot tip: zbarimg

You can store the TOTP seeds in more compact form by converting QR code screenshots to alphanumeric using zbar barcode tools.

In my experience it has difficulty parsing some QR codes created using CSS due to tiny borders between blocks. Those can be fixed by applying a small Gaussian blur followed by sharpening (use ImageMagick for maximum automation) to fill out the borders.

Edit: packages available in Ubuntu (zbar-tools) & Fedora (zbar), source code at https://github.com/mchehab/zbar

Would you be willing to describe the process you use to do this?
Not op, but my usual process is:

* when setting up 2FA, a website shows a QR code

* I screenshot the QR code, and print it out on an A4 sheet, with an annotation of what service it is for

* I scan the QR code from the A4 sheet on two different phones.

* Back on the website, I continue 2FA setup process only after the A4 sheet is printed, and both phones show the same codes

* The A4 sheet goes in a folder for safe keeping

* One phone goes in my desk drawer for daily use

* The other phone goes in my "go" bag that I take with me on short trips etc.

Both phones are used exclusively for Google Authenticator:

* they have no extra apps

* they have a screen lock

* they are always in flight mode

Started doing this when I got burned by having to extract GA's sqlite file from mostly-dead Nexus One over adb.

since the qr code is just the totp seed, i simply print the seed in huge font on a sheet of paper. chance of enough degradation to illegibility is pretty slim if stored correctly
interesting idea. I wonder what the minimum you need for a 2FA-only device would be.
The Passport by Foundation Devices is a device that's pretty close to this, it just happens to do more than only 2FA: https://foundationdevices.com/
I'm just using my old phones that still have a working touchscreen and camera.
Screenshot the QR Code and print it? Put it in a vault or store somewhere safe. It’s a standard practice for securing enterprise accounts (AWS root acc. for example)
You can't screenshot it.

The app puts a no screenshot request, so you have to scan the qr code from another phone.

The screenshot would be done on the desktop, not the phone.
What is the point of all these apps forbidding screenshotting, when everybody needs exactly those QR code screenshots?
You give your phone to someone, then he just opens the app and sends the QR code screenshot to himself. He has the codes forever.

Without it, he has 30 seconds to log in and put the code by just opening the app and looking at the code.

Not much of a feature, but might help some users

I have only two copies - one stored at home for quick access if needed, second in a bank storage locker with all my other documents.
I also do this, and I have a backup Yubikey in cold storage for all the services that support it. Better be safe than sorry.
I use Password Store for Android and also on Desktop, and they are backed up to my Google Drive
Is this specific to the Android version? The iOS version has not been updated since 2018.
Android version also didn't see any updates until May this year, when this feature arrived.