by Arch-TK
1204 days ago
Wouldn't most people just use Google Authenticator and have it automagically back up to Google's nigh unlimited storage space? Obviously not something anyone who respects their privacy would subject themselves to, but it seems to me like the easy path leads to these things being backed up. Obviously if Google has your 2FA keys and you were using 2FA keys to log into your Google account then you would need to recover your account, but you would be stuck in the same situation as if you had damaged/lost your SIM (e.g. if you lose your phone).
You can transfer your Google Authenticator state to another phone. This is accomplished through scanning QR codes -- no data is transferred over a network. This is a relatively new feature; for many years, Google Authenticator refused to provide any way to extract the authenticator state from the phone at all. You literally had to root your phone to get the state out.
It's designed this way because if your TOTP state were backed up to your Google account then it would no longer provide any additional security over Chrome's password manager, which is also backed up to Google. The two factors in "two factor" are supposed to be "something you know" (password) and "something you have" (phone, or security key). In order for the authenticator app to really be "something you have", it has to be hard to copy.
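
An added illustration of the "hard to copy" point above (not code from the thread or from Google Authenticator): a TOTP authenticator's whole state is a shared secret plus a few parameters, so any copy of that state yields the same codes as the phone. It assumes the common `otpauth://totp/` enrollment URI rather than Google Authenticator's own transfer format; `SAMPLE_URI`, `Authenticator` and `demo` are hypothetical names, and the secret is the published RFC 6238 SHA-1 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs

# Constructed enrollment URI (the kind of text a setup QR code encodes).
# The secret is Base32 for the RFC 6238 test key b"12345678901234567890".
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=Example&digits=8&period=30")

def parse_otpauth(uri):
    """Return (secret_bytes, digits, period) from an otpauth://totp/ URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    q = parse_qs(u.query)
    b32 = q["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # enrollment secrets usually omit padding
    digits = int(q.get("digits", ["6"])[0])
    period = int(q.get("period", ["30"])[0])
    return base64.b32decode(b32), digits, period

def totp(secret, unix_time, digits=6, period=30):
    """RFC 6238 TOTP (HMAC-SHA-1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Authenticator:
    """Hypothetical device: its entire state is the secret and parameters."""
    def __init__(self, uri):
        self.secret, self.digits, self.period = parse_otpauth(uri)

    def code(self, unix_time):
        return totp(self.secret, unix_time, self.digits, self.period)

def demo(unix_time=1111111109):
    phone = Authenticator(SAMPLE_URI)
    copy = Authenticator(SAMPLE_URI)  # a backup, export or any other holder
    # Nothing device-specific enters the computation, so the codes match.
    return phone.code(unix_time), copy.code(unix_time)

if __name__ == "__main__":
    print(demo())
```

Because the verifier only checks the code against the shared secret, it cannot tell the original phone from any other holder of that secret.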