How to Log in With 2FA when you Lose Your Phone
(e.g. for Google Authenticator)
When you lose your phone
If you lose your phone or it gets stolen and you use Google Authenticator, then you can no longer use the Google Authenticator 2FA codes to log in to services that require 2FA.
You’re effectively locked out of accounts that require 2FA! This is a really annoying problem.
Here’s what you can do to a) sign in to websites and services you need to access, and b) recover your Google Authenticator app and codes.
Unfortunately, you can’t simply restore Google Authenticator if you’ve lost your phone.
How to sign in to websites without a 2FA code generator
Use an alternative 2FA method to log in
Often if you don’t have your 2FA device handy, services will allow you to use an alternative backup method of authentication. For example:
SMS - This won’t work if you’ve lost your phone
Let's say you want to sign in to Facebook but you lost your phone with your 2FA codes on it. At the 2FA screen you have the option to use other methods than your 6-digit code.
For example, you can send yourself an SMS. If you’ve lost your phone, this won’t work either! Click “other options” and you are given the option to authenticate via email or by uploading your ID. This is just for Facebook, but other services provide similar backup methods for signing in.
Once you’ve signed in, you can disable 2FA temporarily, or you can set up 2FA with an alternative app if you still can’t access Google Authenticator.
Use a different service to generate codes from your secret key (if you can access it)
In some cases you may be able to sign in to a service on your computer and grab your secret key. With it you can generate a 6-digit code in any other TOTP app and log in.
For example, if you’re already logged in to a service on your laptop or another device, you can go to its security settings and get your secret key. But unless you’re already signed in, it is unlikely you’ll get access without entering a 2FA code.
How to recover your Google Authenticator
Key points before you begin
First of all you will have to get an old phone or buy a new phone so you can transfer your Google Authenticator to it.
Secondly, if you are locked out of your Google account due to two-step verification, you’ll have to recover that before you can begin.
Thirdly, and most importantly, be aware that you will have to set up 2FA all over again for your accounts. They will not sync to your new Google Authenticator app on your new device!
Transfer your Google Authenticator to another phone (without the codes)
Google will allow you to transfer your Google Authenticator app to another phone, but they won’t transfer all your codes. If you’re wondering why not, it’s explained below.
So you will have to log in (using an alternative method as described above) to each service and set up 2FA again, so that it issues a new seed (QR code) to the Google Authenticator app on your new phone.
Why doesn’t Google allow transfer / backing up of 2FA accounts?
Proper implementation of 2FA (aka two-factor authentication) requires that your 2FA seed codes be stored only on your device. This makes the secret codes available only to you; in 2FA terminology, they are "something you possess". This is what makes 2FA a secure system for preventing attackers from accessing your accounts.
If Google or another service backs up your seed codes then they will exist in the cloud, and may be accessible to other people, therefore undermining the principle behind 2FA.
Why doesn’t Google Authenticator work on multiple devices?
For the same reason as above, Google Authenticator only works on one device at a time. This is to ensure that possession of the seed codes is restricted to one individual.
If you want to back up 2FA and use it across different devices (while still being secure), there are alternatives to Google Authenticator that do just this.
How to back up and sync 2FA codes
There are two ways to back up 2FA seed codes / 2FA QR codes. But first we should explain some basic terminology.
What is a seed code (vs 2FA QR code)?
Your 2FA seed codes are secret codes that only you have access to. In theory they should not be stored by anyone other than you and the service you are signing in to.
A 2FA QR code is effectively the same thing as a seed code: it simply encodes the seed (together with the account name and issuer) in a visual form, so that a long seed can be copied into an authenticator app without typing it.
Seeds are used to generate a one-time password, usually a 6-digit code that is valid for a limited period of time (typically 30 seconds).
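To make the "secret key" from the section above and the seed / QR code terminology concrete, here is an added example (not code from the original article) that decodes the otpauth:// URI an authenticator QR code contains and derives the 6-digit code from the seed using standard TOTP (RFC 6238, HMAC-SHA1), which is the same computation Google Authenticator performs. The account name and seed in the sample URI are constructed; the seed is the public RFC 6238 test vector, not a real secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample of what a 2FA QR code encodes. The 'secret' parameter is
# the base32 seed; whoever holds it can generate valid codes, which is why a
# cloud backup of seeds undermines the "something you possess" factor.
EXAMPLE_URI = ("otpauth://totp/Example:alice%40example.com"
               "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"
               "&digits=6&period=30")


def parse_otpauth_uri(uri):
    """Return the label, seed and TOTP parameters stored in an otpauth URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth:// URI")
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "secret": params["secret"],
        "digits": int(params.get("digits", 6)),
        "period": int(params.get("period", 30)),
    }


def totp(secret_b32, timestamp=None, digits=6, period=30):
    """Generate the one-time code for a base32 seed (RFC 6238 with HMAC-SHA1)."""
    if timestamp is None:
        timestamp = time.time()
    # Seeds shown to users are often lowercase, spaced, or unpadded; normalise them.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = int(timestamp) // period           # number of periods since epoch
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                   # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def code_from_qr_uri(uri, timestamp=None):
    """Combine both steps: QR contents in, current 6-digit code out."""
    p = parse_otpauth_uri(uri)
    return totp(p["secret"], timestamp, p["digits"], p["period"])


if __name__ == "__main__":
    print(parse_otpauth_uri(EXAMPLE_URI)["label"], code_from_qr_uri(EXAMPLE_URI))
```

Running the script prints the code the app would currently show for the sample seed; a service verifying it only needs the same seed and clock, which is why the seed must never leave your device or the service.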
How to back up 2FA seeds
Services that back up 2FA allow users to sync from one device to another, or even share 2FA codes with their team. This comes with risks but in many cases the convenience outweighs the risk for users.
Services like Authy and Daito provide encrypted environments for backing up seed codes. Daito even allows you to export your 2FA tokens for backup purposes.
Alternatives to Google Authenticator that allow backup / sync / cross device 2FA
Best for businesses & teams
Daito is an encrypted 2FA sharing and management system
Best for individuals