Advice Request Why does Google Authenticator not backup its own codes?

Please provide comments and solutions that are helpful to the author of this topic.

I Walk MY Way

Level 6
Thread author
Verified
Well-known
May 27, 2013
281
long story short
My phone an Android 12 got hacked I used two apps for f2a authentication for website's and forums ect
1 was google authenticator and the other was Avira password manager As a result of the hack I did a factory reset, after the reset with everything updated
I discovered that the google authenticator app was empty no authentication codes.
When I tried Avira the authentication codes were all accounted for so My guess is they were backed up to Avira cloud system.
So my question is why dose google authenticator not backup its own codes?
 
  • Like
Reactions: piquiteco and Jack

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,321
Google Authenticator does not automatically backup its codes to the cloud because it was designed with security in mind. By not storing the codes anywhere else, it ensures that only the user has access to them, reducing the risk of a third party accessing them. However, this also means that if the device is lost or reset, the codes will also be lost unless the user manually backs them up to a separate location. On the other hand, Avira Password Manager is designed to securely store and sync your passwords and authentication codes across multiple devices, which is why your codes were still available after the factory reset.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Mod Edit: I have changed your thread title as your question does not reflect to Avira, but more over to Google.

Googles Authenticator only offers Device-to-Device account transfers which is suited for switching phones, not for standalone backups.

Avira Password Manager appears to work similar to Bitwarden Authenticator (TOTP) | Bitwarden Help Center which lets users store 2FA/TOTP codes, without needing to use another Authenticator app. And it's why all your data appears when you login to your Avira account after a factory reset. All data is stored in the cloud.
  • As you seem satisfied by Avira Password Manager, you could switch all 2FA over to them.
  • Another option would be Microsoft Authenticator which offers cloud backups for ease of use. All data is stored in the cloud.
  • For more control and better privacy, some Authenticator apps lets users manually backup their codes. Users hold their keys.
  • Hardware security keys are the best choice, but not ideal for everyone.
You can switch from Google Authenticator to another app/service using the generated backup codes from when you first enabled 2FA on the sites/apps. These single-use codes can be used to authenticate yourself into the sites that have been affected by Google Authenticator, where you can switch to another 2FA app. If you are locked out, contacting the sites Support might be able to help you get back into your account(s).
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
The 2FAS iOS app allows you to backup codes to iCloud and also provides and Export/Import function for a ‘cold storage’ file if you want.

Don’t know about their Android etc. offerings.
Can you confirm that's for Google Authenticator for iOS, or is another 2FA app?
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,321
How do you manually back Google Authenticator codes them up to a separate location
To manually back up the codes generated by Google Authenticator, you have a few options:

1. Write down or print out the codes: When you first set up two-factor authentication with Google Authenticator, you are given a set of backup codes. You should keep these codes in a secure location so that they cannot be easily accessed by anyone else.

2. Export the codes to a different device or a cloud storage service: To export the codes from the Google Authenticator app, open the app and tap on the three dots in the upper-right corner. Choose "Export accounts" and then choose the location where you want to save the exported file, such as your Google Drive or another cloud storage service.

3. Use a third-party app to sync the codes across devices: There are third-party apps available that can help you sync your Google Authenticator codes across multiple devices. For example, Authy is a popular authentication app that allows you to backup your codes and sync them across devices. To set this up, you'll need to download the Authy app, go through the setup process, and then transfer your Google Authenticator accounts to Authy.
 
  • Hundred Points
Reactions: I Walk MY Way

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
I discovered that the google authenticator app was empty no authentication codes.
Yes, it happened to me as well a long time ago. One reason why Google Authenticator does not have backup capability built into the app is for security reasons. By not backing up the codes, it makes it more difficult for hackers to gain access to your accounts if they manage to steal your phone or gain access to your Google account.
Similar to you, I always thought that the profile/codes will be backed up on my Google account. I'm currently using Microsoft Authenticator as it has a backup feature built-in.
 

MuzzMelbourne

Level 15
Verified
Top Poster
Well-known
Mar 13, 2022
599
Yes, but I got it through the app store. Wasn't even aware of the URL you listed, but it looks the same to me.

Its "good enough" for me. Been using it since it was released, never had a problem. Never not been able to use it where Google or Microsoft authenticator's are suggested(even use it on Google stuff).

Plus, it's Open Source, free and really easy to use.

Happy to recommend it for what that's worth.
 
  • Thanks
Reactions: Alexai

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top