Switching on two-factor authentication is an effective way to keep your accounts safe from hackers, especially on work devices that contain sensitive company data. Apps like Google Authenticator make two-step verification easy by generating one-time codes you can use to access your accounts. They help to prevent unauthorised sign-ins, and give your phone an additional layer of app-based security.
But losing a phone with the Google Authenticator app installed can quickly turn into a security nightmare for your company. We asked ESET to explain how to deal with a lost authentication key due to a lost, stolen or erased phone and get back to business ASAP.
How to recover Google Authenticator without access to your phone
Scenario 1: You’re logged in to the account with 2FA on another device
You’re far from the only person in the world to lose a phone. For that reason, many platforms that allow you to activate two-factor authentication (2FA) offer workarounds to help you log in to your account.
If you’ve ever logged in to the account in question on a device besides your smartphone, try navigating to that account’s security settings. From there, you might be able to verify your identity and reset or disable 2FA. This is easiest if you’re logged in to other Google apps, like YouTube, or on other Google devices, such as the Google Nest or Google Home Mini.
If you already have a new phone, you can link Google Authenticator to the app on that device. With some services, you can see the QR code or secret key in the settings menu — and you can just enter those details in the authenticator app on your new device.
Scenario 2: You don’t have access to your account
Let’s say you’re not logged in to your account on another device. If the steps above don’t work, recovering the authenticator isn’t possible. This is because the secret keys the app generates are linked to the device. But you can restore access to your account using different authentication methods.
Try these tactics:
- Request a one-time backup code. Most services that offer 2FA offer emergency codes so you can sign in to your accounts if you don’t have the original device. You can try using these backup codes to regain access to your 2FA accounts.
- Get a verification code via email or text. Is the account linked to your phone number or email address? If so, begin logging in like you normally would, entering your username and password. You’ll then see an option to enter a one-time code from the lost authenticator app. Search for a link saying “Don’t have a code” or “Try another way,” and you should be able to choose to receive a code by text, email or voice call. Once you get it, type in the details and sign in to your account.
- Reach out to customer support. When all else fails, contact the service’s administrative team. They may have alternative methods to verify your identity and restore access to your accounts.
Backing up Google Authenticator
When you’ve logged in to your account, link Google Authenticator to the apps on your new phone. Then, create backups of your individual Google Authenticator accounts.
There are two ways to do this. You can either go to each account’s security settings and request the 2FA backup code, or generate an export QR code of your account keys via the Authenticator app. Here are the steps:
- Open the Google Authenticator app and click the three-dot menu.
- Tap Transfer accounts > Export accounts.
- Choose the accounts you want to generate a QR code for. Click Next.
- Snap a photo of the code.
Once you have the code, store it securely, that is, on another device. That way, if you lose your smartphone again, you’ll be able to bounce back and recover your accounts quickly.
Double up on your security OR Recover your accounts quickly and easily
Google’s authenticator app provides an extra layer of security to help secure your online accounts, but it has its limitations. It isn’t linked to the cloud, which makes it a much more manual process to transfer your codes over to another — or a new — device.
It works best in tandem with other authentication apps. For businesses of all sizes, we recommend ESET Secure Authentication (ESA). Part of ESET Protect products, this feature is an easy-to-use, mobile-based multi-factor authentication (MFA) solution that steps up security and protects companies from the fallout from weak passwords and unauthorized access. It helps to prevent data breaches and works seamlessly with cloud services like GSuite and Dropbox. The best bit? It takes just 10 minutes to set up for as many users as you want, and ESET’s team is there to answer any questions along the way.