Migrate from Google Auth App
2FA is a must, using it with an authenticator app is another must, so the best app of this job must be Google’s Authenticator, right? once a senior developer said “it depends”. and he’s right this time.
The goal of this post is sharing how to migrate your codes from Google Authenticator to another authenticator app, by exporting/replicating your existing accounts as QR codes to scan them again.
But a little context doesn't harm I guess.
If you’re asking (for whatever reason) if you’re keeping both apps they’re generating same OTP pins for the same account at the same moment, the answer is yes.
Google Authenticator is the best convenient app
As I’ve talked about why I’m ditching google’s services [1] one by one (slowly but surely), it was hard to leave Google’s authenticator app for the single reason of the sync feature of your added website with your Google account because I'm completely paranoid whenever I think if someday I'm losing the phone and not having a backup. well I do have backups for each account, those one-use codes but just the idea of having them instantly when needed just makes me lazy to look for them in my ****[2] storage service. in the end I took the step to take so and googled (ironically) for some easy way to migrate them to a new authenticator app.
Context
I'm a Bitwarden password manager fan, maybe because it’s free, or open source, or because the most helpful thing the provided service can offer only a hint message you defined earlier, to help you recover your account. no reset password via email or anything. security wise it’s robust.
Remember the step I took to migrate from Google’s app? it was mainly because of their newest authenticator app, even it’s a standalone app without an integration with their password manager it’s still a better option than microsoft’s app, which my experience with the latter was horrible, and I'm not exaggerating.
Enough of the Whys, let’s dive in the Hows.
Exporting your secrets
While you can go to your sites one by one and replace/register a new authenticator app, how about having them all at once and scan them again? yes, same QR codes you already scanned once, but today will be twice.
The operation is super short with these steps with the help of this repo [3]:
- Export the QR codes from Google Authenticator app: you could have more than a QR code, which each one have the information of more than one account. apologies no screenshot, since i have deleted google’s Authenticator
- Extract your QR codes’ content with a QR reader or Google Lens
- Save the content in a text file: each QR code value starts with “otpauth-migration://offline?data=”, you can either put them in a single line (code content per line) or per file (
mycodes.txtin my case), your choice. - Clone this repository https://github.com/scito/extract_otp_secrets, install python on your machine, check its readme and install the requirements.
If for some reason you get the error “This environment is externally managed” while installing requirements.txt, create a virtual environment and use it as below as described after the same error message:
# create a virtual environment python -m venv ~/venv-py # use its python binary instead of your machine's # inside your cloned repo run: ~/venv-py/bin/python src/extract_otp_secrets.py -p mycodes.txt - And voilĂ ! your QR codes are shown as output of the last command.
- delete
mycodes.txtfile after scanning all your codes with your new (hopefully Bitwarden’s) Authenticator app, or save it next to your already backups codes.
And that’s a wrap!
If you want more technical details i would highly recommend reading this post [4].