On Sunday noon I decided to install Lineage OS on my phone.
I knew I had everything backed up and the only thing I was worried about was the Google Authenticator app. Then I remembered that when I installed the app, Google gave me recovery codes that I had safely stored away.
After an hour the whole installation was over and it was time to restore my apps and settings in the new OS.
Once the Google Authenticator app was installed I opened the app and noticed it was empty. That’s ok, I thought, pretty sure I have to enter some of those codes to recover my keys.
But I didn’t see any options to do that.
It turns out that Google Authenticator does not save your accounts in your Google Account. They exist only on your phone. (You can search about this if you don’t trust me)
After having 5 heart attacks in a row, I started to think: Well… how many accounts did I have set up in there? And for what sites? And what happened to those codes, what were they for?
And so began the task of recovering my 8 2FA-secured accounts without the 2FA tokens available. Oh, and those codes were just for recovering the Google account and nothing else (big mistake on my part).
Luckily I had a lot of them open on my computer and was able to quickly disable and re-enable 2FA to add them back to the Google Authenticator app.
Some websites know that stupid people like me do stupid things and give you a way to disable your 2FA, with a code that they provide when you enable the 2FA, or offer a recovery mode sending an SMS to your phone.
But others just give you the finger and you get locked out.
One of those sites, not going to disclose which one, didn’t offer me any alternative method like sending an SMS when you don’t have the 2FA token. And this site was EXTREMELY IMPORTANT to me.
After panicking a little more I started to look at how to solve it.
I searched for any hacks, tricks, or anything to do, but didn’t find anything. So I decided to try the support number.
No one answered… I waited for about an hour or so and called again. This time someone did answer and after a 15-minute call, they were able to set the SMS method as the primary one. Luckily I had that enabled and set up before when I enabled the 2FA.
This whole mess started at around 13:00 and ended at 18:30.
How to back up your Google Authenticator then?
There’s no tool or option to do it.
The only thing you can do is use the option to export your keys to another device.
This will show you a QR code that you can scan with your new device to transfer the accounts. But you can’t screenshot it, save it, or anything like that (for security reasons).
My solution is to start looking for a new MFA app. There aren’t many out there, and most of them use their cloud to store your keys.
Fun Fact: If I had searched ‘How to backup google authenticator’ I would have found out all of this on my first click 🥲