+1 too late. I started using Authy as well. Mostly for cross device compatibility. I paid for Dashlane, but more and more I think I should have gone with LastPass.
 
LastPass has an auth app - LastPass Authenticator and you can back it up to your LastPass account.
And when I back my LastPass Authenticator up to my LastPass account and lose the device with the authenticator, how do I recover? Obviously, my LastPass account is using the LastPass Authenticator for login. In order to recover my backup I would need to be able to log into the service, but...

Of course, there is bound to be some other way (LastPass OTP / SMS recovery). Unfortunately, the big problem with "some other ways" is that they add attack surface. And wide attack surface is the last thing I want to have with my password manager guarding my deepest secrets.

There are no trivial solutions when it comes to password managers. Maintaining decent security level is next to impossible without a password manager. Losing the access to the password manager is the second worst thing that can happen in one's digital life, and break-in into the password manager is the worst. (Banks have their own systems, so I exclude them.) We need a solution which is both very secure and highly recoverable. Not an easy combination.

My solution is to use GA or other TOTP authenticator with LastPass and have the QR code on paper in a very secure place as a last resort. The master password is also on paper in a very secure place, but not necessarily the same place.
 
Hah, with my new phone I migrated them to a combination of 1Password and Microsoft Authenticator. Sorry Google!
 
Too few, too late. Authy has taken the spot as a decent and easy to transfer 2FA application with a much better approach of using iCloud storage for backups and restore. Move along, Google - you had your time.
While I blasted Authy for its own priority code system (it added a 6th OTP app to my phone to protect my Twitch account) I eventually dumped Google for it. The app is password locked for one but the backup feature was a godsend moving to my iPhone 12.
 
I literally looked this up when I got the 12 and noticed that I couldn't transfer stuff but already had an Authy account so I just moved everything over to Authy. A little late there Google.
 
Too few, too late. Authy has taken the spot as a decent and easy to transfer 2FA application with a much better approach of using iCloud storage for backups and restore. Move along, Google - you had your time.
It doesn't use iCloud for backup and restore. It uses its own servers. Also, there's no way to get the original tokens out. What Google did here, is actually not bad: a way to transfer the OTP seeds without involving the network.
 
Thanks for the tip. Looks like a nice Authenticator.
Yeah, it's great. I freelance so have several customers at one time. With GA my list was unmanageable.
I reset them all to OTP and it's great.
I paid the one off fee so I can add my own icons too. The other bonus is when I'm finished on an assignment, I swipe the folder and all the codes are gone. Sorted!
 
That means there is something wrong with the time setting/clock on your devices. Google auth is a simple time based algorithm.

The other theoretical culprit would be that the time setting/clock on every single server of every account you had was off. Which isn’t realistic.
I have tried it on different machines, in different countries. It has never worked for me. I highly doubt it has anything to do with time settings at this point, yet it is the only explanation Google has offered me through the years.
 
It's the only explanation offered because it is the only possibility.

This is how the function works:
token = func(code, time);

The token is what the app displays to you. The only two variables that affect the output are the internal code you cannot see, and the time. The internal code you cannot see is set when you activate an account on authenticator; it is not alterable by you. The only variable that can be altered by the user is the time.

Your time is not matching the time that the server has, causing a mismatch in tokens.
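
How `token = func(code, time)` plays out in practice, as an added example that is not part of the original posts: a standard-library TOTP (RFC 6238, HMAC-SHA1, 30-second step) and a verifier that tolerates one step of clock drift. The secret is the RFC test key; `verify`, `diagnose` and the window size are illustrative choices, not any vendor's code.

```python
import hashlib
import hmac
import struct

STEP = 30                          # seconds per time step (RFC 6238 default)
SECRET = b"12345678901234567890"   # RFC 4226/6238 test key, not a real seed

def totp(secret: bytes, unix_time: float, digits: int = 6) -> str:
    """token = func(code, time): HMAC the step counter with the shared seed."""
    # Unix time counts seconds since 1970 UTC, so the time zone a device
    # displays does not enter the calculation; only clock accuracy does.
    counter = int(unix_time) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F        # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret: bytes, token: str, server_time: float, window: int = 1):
    """Return the step offset that matched (-window..window), or None."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(candidate, token):
            return drift
    return None

def diagnose(secret: bytes, server_time: float, device_clock_error: float):
    """Simulate a device whose clock is off by device_clock_error seconds."""
    token = totp(secret, server_time + device_clock_error)
    return verify(secret, token, server_time)

if __name__ == "__main__":
    now = 59                       # constructed server time (RFC test vector)
    for error in (0, 30, 120):
        result = diagnose(SECRET, now, error)
        status = "rejected" if result is None else f"accepted at step {result:+d}"
        print(f"device clock off by {error:>3}s -> {status}")
```

A wider `window` tolerates more drift but also lengthens the period in which an observed code stays valid, which is why servers keep it small.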
 
I tried to use it in San Francisco, Istanbul and Dammam, using iPhoneX, iPhone 11 Pro and iPhone 7, none of them worked. I don't get how it doesn't work due to time. Maybe I'm in a temporal fluctuation and out of phase? Then again my brother's doesn't work either. Maybe in my reality it doesn't work, in yours it does 🤔
 
As a former GA user, this is too little, too late. I migrated to Authy some time ago and it suits my needs quite well. Why Apple doesn't come out with their own app, I've no idea, but it would add further value to being in their ecosystem.
 
I appreciate not storing the keys in the cloud is more secure, but come on, they're stored encrypted in iCloud with a key Apple don't have. I doubt anybody with the power to hack that is particularly interested in pretending to be me on MacRumors forums!
Apple doesn’t end to end encrypt everything in iCloud. So we have no way of knowing if this is truly end to end encrypted. Apple appears to say no to our iCloud backup.
 
What do you mean? It says yes for iCloud Backup. Also for iCloud Drive where I believe the OTP Auth data is likely to be stored.

Edit: Oh sorry, just noticed there’s a separate section on End to End encryption. So you’re saying because it’s not listed in the E2E list it's possible Apple have the encryption key for backups (and possibly more). I don’t know enough to comment on that. Didn’t this come up when the FBI wanted access to something?
 

According to the chart, OTP Auth user file is encrypted on the cloud.
 
So you’re saying because it’s not listed in the E2E list it's possible Apple have the encryption key for backups (and possibly more). I don’t know enough to comment on that. Didn’t this come up when the FBI wanted access to something?
Exactly! From what I read FBI got Apple to not end to end encrypt everything. I don’t know enough to comment either on what they can get access to on the “encrypted only” part. They say locked notes are the only end to end encrypted storage option for sensitive data.
 
Fair point! I’ll still take the risk though, it’s worth it for the convenience of synced auth apps for me. It’s something people should consider, of course.
 