Why you shouldn’t use Google Authenticator

For some time I have been using 2FA as much as possible, to secure various logins and accounts.

The app I have been using for it is Google Authenticator on Android. This was because the first time I used 2FA was on starting a new job, and it was what the company was using for OpenVPN and Xero. It all seemed simple enough – when setting up an account on a site it showed me a QR code and I scanned it with the phone. Then to login I would just type in the number currently shown in the phone app for that site.

All worked fine for a couple of years until a hardware fault completely bricked my phone. Without ever checking, I had assumed that Google had backed up the codes it needed and I could just log into my Google account and have them loaded into the app on my new phone. Turns out that that is not the case, and there is no way of backing up Google Authenticator at all. On getting a new phone you can transfer codes across, but that’s all. If you don’t have the old phone, that obviously can’t be done.
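The QR code scanned at enrollment and the six-digit number typed at login are both just views of one piece of data: a shared secret, carried in an `otpauth://` URI, from which the app computes time-based codes (RFC 6238 TOTP, built on RFC 4226 HOTP). That secret is what is lost when a phone dies, and it is also what any backup has to protect as carefully as a password. The following is an added illustration, not code from the post or from Google Authenticator: it parses a constructed `otpauth://` URI of the kind an enrollment QR code encodes, then derives the current code from the secret. The secret used is the RFC 6238 reference key (`12345678901234567890`, base32-encoded), so the outputs can be checked against the published test vectors; the account label and issuer are made up.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed example of what an enrollment QR code encodes. The secret is the
# RFC 6238 reference key "12345678901234567890" in base32; label/issuer are invented.
EXAMPLE_URI = (
    "otpauth://totp/Example:alice@example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"
)


def parse_otpauth(uri):
    """Split an otpauth://totp/... URI into the fields an authenticator app stores."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    query = parse_qs(parts.query)
    return {
        "label": unquote(parts.path.lstrip("/")),
        "secret": query["secret"][0],          # the only thing that must be backed up
        "digits": int(query.get("digits", ["6"])[0]),
        "period": int(query.get("period", ["30"])[0]),
        "algorithm": query.get("algorithm", ["SHA1"])[0].upper(),
    }


def hotp(secret_b32, counter, digits=6, algorithm="SHA1"):
    """RFC 4226: HMAC over the big-endian counter, dynamic truncation, mod 10^digits."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)  # restore base32 padding
    key = base64.b32decode(padded)
    msg = struct.pack(">Q", counter)
    digest = hmac.new(key, msg, getattr(hashlib, algorithm.lower())).digest()
    offset = digest[-1] & 0x0F
    truncated = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def totp(secret_b32, at_time, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238: HOTP with the counter set to the current 30-second time step."""
    return hotp(secret_b32, int(at_time) // period, digits, algorithm)


def code_from_uri(uri, at_time=None):
    """What the phone app shows for this account at the given Unix time (default: now)."""
    fields = parse_otpauth(uri)
    if at_time is None:
        at_time = time.time()
    return totp(fields["secret"], at_time, fields["digits"], fields["period"], fields["algorithm"])


if __name__ == "__main__":
    fields = parse_otpauth(EXAMPLE_URI)
    print("account:", fields["label"])
    print("secret to back up (treat like a password):", fields["secret"])
    print("current code:", code_from_uri(EXAMPLE_URI))
```

Because the code is a pure function of the secret and the clock, keeping a copy of the `secret=` value (or the whole URI) at enrollment, in a password manager or other encrypted store, is enough to re-create every account on a replacement phone; conversely, any place that copy is written is a place the second factor can be recovered from, so it needs the same protection as the first.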
