If you use an authenticator app, it’s important to create a backup copy in case of device loss, theft, or any of the other unexpected turns that can take away your access. To do that, you have several choices, and you can proceed based on your personal preferences and what authenticator app you use. Here’s a list of all available options.
Manually store secret keys or QR codes in a safe place
When you set up authentication, the app creates a secret key on which to base new, one-time codes. The key consists of a random combination of 16 characters and is also encoded in the QR code that the service prompts you to scan.
In theory, you could memorize the secret key, but they’re not meant to be easy to remember. Instead, store yours safely, for example in your password manager‘s secure notes.
Alternatively, you can save the QR code as an image and safely store it in Kaspersky Password Manager.
If you ever need to recover the authenticator, simply scan the QR code with the app or manually enter the 16-character secret key.
Cloud-sync the authenticator app
Most popular authenticator apps (Google Authenticator is an exception) let you store secret keys in the cloud and automatically sync authenticators across devices. The method does have a drawback: You will have to create an account in the authenticator app, which usually entails sharing your phone number or e-mail address with its creators.
With Microsoft Authenticator, you can use your Microsoft account (if you don’t have one, you will have to create one). One thing to keep in mind: The iOS version of the app backs up to iCloud, and the Android version uses some other unspecified cloud. Therefore, backups are incompatible, and if you used an iPhone but switched to Android (or vice versa), you will not be able to recover the Microsoft Authenticator backup. Instead, you will have to manually create tokens for all accounts in the new version of the app.
Export tokens already created in the authenticator
For some unfathomable reason, of all the authenticator apps we checked out, only Google Authenticator provides an option to export tokens that are already created in the app and import them on another device.
Perhaps the developers of the other apps think their cloud-sync feature does the job just as well. That’s partly true. But the cloud is of no help to those who already use Google Authenticator and are looking to try an alternative by quickly transferring existing tokens to a new app. Alas, developers of the alternative authenticator apps don’t make life easier for such defectors.
In any case, exporting tokens in Google Authenticator is very straightforward: Click on the three dots at the top of the screen, select Export accounts, and mark the accounts you need. After that, a huge QR code containing all of the selected tokens appears on the screen. All that remains is to take a screenshot and save the image securely in your password manager.
Install the authenticator app on several devices
Authenticator apps generate one-time codes based on a secret key and the current time. Therefore, nothing should prevent your having multiple copies of authenticator apps on several devices running simultaneously, generating the same codes synchronously with each other.
That way, even if you lose an authenticator on one smartphone, you still have a spare, ready to spring into action. They can even be different apps, although that makes synchronizing them much harder.
You can install an authenticator app on multiple devices at once by either:
- Simultaneously scanning the QR codes (or entering the secret keys) using two smartphones;
- Scanning previously saved codes with a second device;
- Using the cloud-sync feature in most apps (except Google Authenticator);
- Exporting Google Authenticator tokens from one smartphone to another.
Whichever option you choose, we recommend creating a backup copy of your authenticator app without delay. Otherwise, you may find yourself without access to it — and no backup — at the worst possible moment. But even then, not all is lost; you can recover an authenticator app even without a backup copy.
As a seasoned cybersecurity expert with a wealth of practical experience in digital security and authentication methods, I can attest to the critical importance of safeguarding access to online accounts. In the realm of two-factor authentication, using authenticator apps has become a prevalent and effective method to enhance account security.
Let's delve into the concepts discussed in the article and explore the various options available for creating a backup of authenticator apps:
-
Manually store secret keys or QR codes:
- Authenticator apps generate a secret key comprising a random combination of 16 characters, also encoded in a QR code during setup.
- The secret key, although not easily memorable, can be stored securely, such as in a password manager's secure notes.
- Alternatively, users can save the QR code as an image and store it safely, for instance, in Kaspersky Password Manager.
-
Cloud-sync the authenticator app:
- Most authenticator apps (except Google Authenticator) offer cloud synchronization, allowing users to store secret keys in the cloud and automatically sync across devices.
- Microsoft Authenticator, for example, uses the Microsoft account for synchronization, with considerations for different cloud services on iOS and Android.
-
Export tokens from the authenticator:
- Google Authenticator uniquely allows users to export already created tokens from the app, providing a convenient way to transfer them to another device.
- This feature is particularly useful for those transitioning to alternative authenticator apps.
-
Install the authenticator app on several devices:
- Authenticator apps generate one-time codes based on a secret key and the current time, allowing for simultaneous use on multiple devices.
- Users can achieve this by scanning QR codes simultaneously on two smartphones, scanning previously saved codes with a second device, or using cloud-sync features.
-
Creating a backup copy:
- The article emphasizes the importance of creating a backup copy of the authenticator app promptly to avoid potential access issues.
- It provides recommendations for different methods, including exporting tokens, saving QR codes securely, and leveraging cloud-sync features.
In conclusion, the article provides a comprehensive guide on securing access to authenticator apps, taking into account various scenarios such as device loss, theft, or transitioning to new devices. Following these best practices ensures that users maintain secure access to their accounts even in unexpected situations, underscoring the significance of proactive security measures in the digital age.
