by nuclx 1628 days ago
I recently tried to back up my Google Authenticator setup from my smartphone. It's possible to export all secret keys to another smartphone using a QR code, however taking a screenshot is prevented. So how am I supposed to protect myself against device loss or corruption, if I don't have another smartphone to use for the backup (other than taking a picture of the QR code)?
2 comments

This is something I don't understand about Google Authenticator. I lost my device once and haven't used the app since, since I lost all of my OTP keys.

Good alternatives include andOTP (JSON file backup, plain or encrypted with password / PGP key) and Aegis (JSON or txt).

I was able to take a screenshot of GAuth backups on iPhone using the button hotkeys (i.e., Power+Volume up). I set up a container that runs a Go version of GAuth and used a Python script to decrypt the (decrypted QR code) backup keys. Then I backed up the encrypted keyfile to offline disk, encrypted the container backup and deleted it from the hypervisor.

https://github.com/pcarrier/gauth

https://github.com/scito/extract_otp_secret_keys
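
For readers wondering what the export QR code holds, here is a minimal decoder added as an illustration (not code from this thread or from the linked projects). It assumes the QR text is an `otpauth-migration://offline?data=...` URI whose `data` is a base64 protobuf in which field 1 repeats per account and carries secret (1), name (2) and issuer (3); the sample URI is constructed.

```python
import base64
from urllib.parse import parse_qs, quote, urlparse

def _varint(buf, i):
    """Decode one protobuf varint at buf[i]; return (value, next index)."""
    value = shift = 0
    while True:
        byte = buf[i]
        i += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, i
        shift += 7

def _fields(buf):
    """Yield (field number, value) for varint and length-delimited fields."""
    i = 0
    while i < len(buf):
        key, i = _varint(buf, i)
        if key & 7 == 0:                      # wire type 0: varint
            val, i = _varint(buf, i)
        elif key & 7 == 2:                    # wire type 2: length-delimited
            n, i = _varint(buf, i)
            if i + n > len(buf):
                raise ValueError("truncated field")
            val, i = buf[i:i + n], i + n
        else:
            raise ValueError("unexpected wire type")
        yield key >> 3, val

def parse_migration_uri(uri):
    """Return one dict per exported account, with the secret in base32."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth-migration":
        raise ValueError("not an authenticator export URI")
    # parse_qs turns an unescaped '+' into a space; restore it before decoding
    data = parse_qs(parsed.query)["data"][0].replace(" ", "+")
    accounts = []
    for num, val in _fields(base64.b64decode(data)):
        if num != 1:                          # other fields are batch metadata
            continue
        f = dict(_fields(val))
        accounts.append({"name": f.get(2, b"").decode(), "issuer": f.get(3, b"").decode(),
                         "secret": base64.b32encode(f.get(1, b"")).decode().rstrip("=")})
    return accounts

# Constructed sample: one account plus a type field (6) and a version field (2)
_ld = lambda num, data: bytes([num << 3 | 2, len(data)]) + data
_entry = _ld(1, b"Hello!\xde\xad\xbe\xef") + _ld(2, b"alice@example.com") + _ld(3, b"Example") + b"\x30\x02"
SAMPLE_URI = "otpauth-migration://offline?data=" + quote(base64.b64encode(_ld(1, _entry) + b"\x10\x01"))
```

The base32 secret it returns is the same value a TOTP app accepts for manual entry, so the output is as sensitive as the QR code itself and belongs only in encrypted, offline storage.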