Hacker News new | ask | show | jobs
by Nathan2055 1086 days ago
I stopped trusting Google Authenticator several years ago when I realized it had no syncing, backup, or even device transfer functionality whatsoever. A quick test made me realize that if anything happened to my device, I would just lose all of my 2FA keys with no way to recover them. I also then realized that if anything happened to the app (which apparently has a couple of times throughout its existence), I’d have the same problem.

I migrated to Authy because it at least has syncing and backup functionality. Sure, it’s less secure, and I should probably self-host somehow for the best security/stability assurances, but Authy seems to work pretty well for what I need it for.
3 comments
password4321 1080 days ago
Google Authenticator has supported manual device transfer for some time via QR code.

You can decode these application-specific QR codes for backup or transfer purposes using a third-party tool: https://github.com/scito/extract_otp_secrets

link
davchana 1086 days ago
As long as one keeps the original string and or qr code safe (in a separate password database), TOTP can be put in multiple devices, is backed up & will not get locked out of accounts. But also, at the same time, none of the MFA setup flows on any website tells user to keep "this" string safe. Once that string is gone, there is no way to recover it.

I have a printed sheet with all those strings and their account names in my own memorized encoded form (like rot13). Plus my main phone, my backup phone, my tablet, all of them have same app & codes (all devices have fingerprint & pattern locks).

link
szasamasa 1086 days ago
it is now can be synced and backed up in your google account which you can tie to your real identity with your phone number and telecom company where you can have a contract... in addition, you can have a 10$ android phone that barely moves (or your old phone) sync to your google account, get the authenticator codes, battery 77%, phone has pin, and shut it down and put in in your drawer/fireproof safe... is it better to back your secrets up on paper? why do you have to see your secrets?
link