Beware: Authenticator app issues

[nRiTeCh]

Wanted to post this since few weeks..

So on my android phone had installed Google Authenticator and Microsoft auth. app. since years and working all good.
2FA was configured for most of my a/cs like fb/insta/TE/MS etc. and lots more.

For some reason, last month I had to format my phone and reinstall everything.
I checked in to Google/MS Authenticator if there's any backup/export or sync option etc. but finding no such option I had to anyways proceed formatting my phone believing stuff might get synced after my google login etc.

But when I reinstalled Google/MS Authenticator, it was blank with no accounts configured in them no codes etc.

Now the challenge... when I tried to login to insta/TE/fb etc. they all asked for 2FA code etc. but glad they had those email and sms otp thing so I got saved else might had to kiss goodbye permanently.

I knew that while enabling 2FA on any app/site, it shows us 8 digit backup codes which we need to store/note down in a secret. I have few codes for few such apps/sites but majorly I dont have as thought Google baba will take the pleasure as always to sync them all inside Google Authenticator.

So, learnt my lessons, hence urging everyone to backup those 8 digit backup codes and store them handy.

FTW I have disabled 2FA on most of the apps and looking for an Authenticator app which can backup everything configured!

 

[blackscorpio]

for the same reason, I had disabled 2FA.

There should some other way to handle this situation.

 

[t3chg33k]

Wanted to post this since few weeks..

So on my android phone had installed Google Authenticator and Microsoft auth. app. since years and working all good.
2FA was configured for most of my a/cs like fb/insta/TE/MS etc. and lots more.

For some reason, last month I had to format my phone and reinstall everything.
I checked in to Google/MS Authenticator if there's any backup/export or sync option etc. but finding no such option I had to anyways proceed formatting my phone believing stuff might get synced after my google login etc.

But when I reinstalled Google/MS Authenticator, it was blank with no accounts configured in them no codes etc.

Now the challenge... when I tried to login to insta/TE/fb etc. they all asked for 2FA code etc. but glad they had those email and sms otp thing so I got saved else might had to kiss goodbye permanently.

I knew that while enabling 2FA on any app/site, it shows us 8 digit backup codes which we need to store/note down in a secret. I have few codes for few such apps/sites but majorly I dont have as thought Google baba will take the pleasure as always to sync them all inside Google Authenticator.

So, learnt my lessons, hence urging everyone to backup those 8 digit backup codes and store them handy.

FTW I have disabled 2FA on most of the apps and looking for an Authenticator app which can backup everything configured!

I have formatted devices with several 2FA accounts while using Microsoft Authenticator. There is always a restore option on fresh installation.

The stupidity though is that Microsoft does not restore anything if you login with the same account. Instead, you always have to use the tiny restore link after first installing the app, before logging in.

The very first time, I had logged into the account and turned on sync thinking it will restore the accounts but instead it overwrote the cloud backup with the current single 2FA code. Fortunately, I was logged into another Android device and was able to re-sync all the codes from there.

However, having reset at least 3-4 times since then, 2FA backup is not a problem.

 

[bssunilreddy]

for the same reason, I had disabled 2FA.

There should some other way to handle this situation.

Same here, disabled 2FA for all forums unless required for apps like uplay, origin likewise. Steam has its own authenticator so no worries there.

But there is seems to be a lag of 2to3 seconds after which it takes the codes when we input so everybody should notice this.

 

[StygianClaw]

For Android, You can try Authy instead. It backs up to the cloud and syncs across your devices. On iOS, MS Authenticator can back up to iCloud but those cannot be restored on Android. There should be an equivalent option which backs up to Google drive I guess.

I currently have all my 2FA accounts on iCloud Keychain. It syncs across all my devices (even windows machines) and I do not need to worry about them if I reset my iPhone. Authy should provide a similar experience from what I heard.

 

[gourav]

I use Aegis. It is feature rich and customizable.
It does local backup. This backup folder then syncs with my Onedrive.

I use this for other apps as well, which may or may not support cloud backup, like Tasker, True Phone, Nova Launcher, Sesame shortcuts, etc.

 

[nRiTeCh]

I have formatted devices with several 2FA accounts while using Microsoft Authenticator. There is always a restore option on fresh installation.

The stupidity though is that Microsoft does not restore anything if you login with the same account. Instead, you always have to use the tiny restore link after first installing the app, before logging in.

The very first time, I had logged into the account and turned on sync thinking it will restore the accounts but instead it overwrote the cloud backup with the current single 2FA code. Fortunately, I was logged into another Android device and was able to re-sync all the codes from there.

However, having reset at least 3-4 times since then, 2FA backup is not a problem.

Didn't get you exactly but you say using MS auth app gives option to backup restore?

 

[t3chg33k]

For Android, You can try Authy instead. It backs up to the cloud and syncs across your devices. On iOS, MS Authenticator can back up to iCloud but those cannot be restored on Android. There should be an equivalent option which backs up to Google drive I guess.

I currently have all my 2FA accounts on iCloud Keychain. It syncs across all my devices (even windows machines) and I do not need to worry about them if I reset my iPhone. Authy should provide a similar experience from what I heard.

Used Authy in the past. The main benefit of Microsoft Authenticator is the non-code authentication for all Microsoft accounts, including work ones, using biometrics. Also works with the Apple Watch, so don't need a phone to approve a login.

Didn't get you exactly but you say using MS auth app gives option to backup restore?

It is the one from the store. You should see an option to Restore on the main screen, just after installation but before using the normal login option.

 

[StygianClaw]

Used Authy in the past. The main benefit of Microsoft Authenticator is the non-code authentication for all Microsoft accounts, including work ones. Also works with the Apple Watch, so don't need a phone to approve a login.

I used to have authenticator but ever since iCloud added autofill support for 2FA verification codes, I moved my accounts to it. Basically you get a prompt to autofill the 2FA code when needed. It's faster than having to pick up my phone and approve the request. With the latest version of iCloud for Windows, autofill for passwords/verification codes work on Edge and Chrome too.

Also Authy has an Apple Watch app too. But you lose the non-code authentication though.

 

[t3chg33k]

I used to have authenticator but ever since iCloud added autofill support for 2FA verification codes it I moved my accounts to it. Basically you get a prompt to autofill in the 2FA code where needed. It's faster than having to pick up my phone and approve the request. With the latest version of iCloud for Windows, autofill for passwords/verification codes work on Edge and Chrome too.

Also Authy has an Apple Watch app too. But you lose the non-code authentication though.

I have the same accounts synced on both iOS and Android (bit of a pain to add a 2FA account to both apps) but it seems the iCloud option might be better on iOS. But then the non-code authentication from within Apple Watch itself is also extremely useful for Microsoft accounts, so probably have to balance it out and see what works better.

 

[Titokhan]

I use Aegis. It is feature rich and customizable.
It does local backup. This backup folder then syncs with my Onedrive.

I use this for other apps as well, which may or may not support cloud backup, like Tasker, True Phone, Nova Launcher, Sesame shortcuts, etc.

Another Aegis Authenticator user here. The local backup option is indeed pretty useful when you pair with your home/cloud server.

 

[bssunilreddy]

Another Aegis Authenticator user here. The local backup option is indeed pretty useful when you pair with your home/cloud server.

Is this Aegis Authenticator authorized by all?
I never heard of it anywhere though.

 

[nRiTeCh]

Ok so which on is the best from backup-restore purpose like when a phone gets formatted or for some reasons have to config the same on a secondary device.

 

[StygianClaw]

Ok so which on is the best from backup-restore purpose like when a phone gets formatted or for some reasons have to config the same on a secondary device.

Go for Authy if you just want to set up once and forget.

 

[Titokhan]

Is this Aegis Authenticator authorized by all?
I never heard of it anywhere though.

Aegis Authenticator is a free and open source 2FA app that supports both HOTP and TOTP algorithms. Since they are the most used open reference architectures backed by Initiative for Open Authentication, there is no need for any kind of "authorization" to use Aegis for managing 2FA codes for different platforms.

 

[nitin_g3]

I checked in to Google/MS Authenticator if there's any backup/export or sync option etc

Google authenticator does have a "Transfer Acounts" option. I used it to setup my new phone a couple of months ago.

 

[enthusiast29]

I use Authy and have hopped devices and custom ROMs many times, no issues since the account is synced.

 

[StygianClaw]

Google authenticator does have a "Transfer Acounts" option. I used it to setup my new phone a couple of months ago.

You would need the old device with Google authenticator already configured to be able to transfer the accounts though. It won't work if you do not have access to the old device for whatever reason or erased it.

 

[nitin_g3]

You would need the old device with Google authenticator already configured to be able to transfer the accounts though. It won't work if you do not have access to the old device for whatever reason or erased it.

Yeah, I had both of my devices with me.

 

[t3chg33k]

Ok so which on is the best from backup-restore purpose like when a phone gets formatted or for some reasons have to config the same on a secondary device.

Use Microsoft Authenticator if you have work accounts based on it as then it is a one-stop solution, especially with the tap and verify option for all Microsoft accounts. Again, I have restored it multiple times, so not sure why you feel it is still an issue, apart from the fact that the encrypted tokens are being saved on Microsoft's servers.

Before I stopped using Authy, there were several times where it had sync issues between devices which was irritating. Also, now remember it was not recommended on a lot of platforms because of enabling SMS based restoration (not sure if it is still the case).

https://security.stackexchange.com/questions/190864/are-authys-sms-tokens-insecure

As an open-source option, Aegis certainly seems to be a good cross-platform option with local backup, but haven't used it yet.