This is something new to me - err, what secret codes and backup codes, please?
As with many others, Google Authenticator is an extremely critical app for us. This is something that I worry about - of not being able to get to the codes (and left high and dry from logging in to exchanges and transferring coins). Losing the phone, for instance.
If there is some sort of backup to Google Authenticator, I hope someone can help explain how to go about it.
I suck at explaining things so please bear with me xD
Secret code/key: when you set up 2fa on some website, they give you qr code which consists of secret key. This is shared secret between you and website. As long as you have backup of this secret you can gain access to your account. Suppose if your phone dies, then install authenticator on other phone scan qr code, done.
Backup codes are one time usable codes, suppose if your phone dies and you don't have secret key and have backup code then you can open website through it, then generate new secret key.
Unfortunately, Google authenticator doesn't allow backups but worry not I just found out new app which allows to do that. It's available on both IoS and android. It's paid app but you should not be caring about few bucks when it relieves future stress :)
It's authenticator plus:
https://www.authenticatorplus.com
Thank you very much! When it comes to the hassle and stress in losing access to our Google Authenticator - and especially in not being able to access our crypto assets at the exchanges - spending a few bucks on protection is well worth it. Many times over. I will definitely check out this app.
In the meantime, and thanks to this post and especially your comments here, I took the trouble to do some research. Trying to find ways to back up our GA. This link provides the simplest way - use Authy in place of Google Authenticator https://www.icontrolwp.com/blog/google-authenticator-backups/
I've gone out to one exchange which I have registered but not yet used. Not at my regular exchanges (Bittrex and Binance), in case I bungle something and locking myself out. Followed the instructions at this website and... it works!
I have also taken a screenshot of the QR Code and key you mentioned above when registering 2FA again. Then saved it in an encrypted VeraCrypt folder. It's on my laptop, USB and cloud (no worries - it's encrypted with AES with SHA512 hash). I will repeat the process with the other exchanges and important sites. In addition to looking up the app you mentioned here.
Thanks again, everyone. This is the most important thing I've learned this week.
I thought it would all transfer over onto new phone. Even made a back up of the app, but alas... all gone.
This is bad news. All this while I too had thought that's how we do it: log in to our Google account on a new phone, download Google Authenticator, and we'd be up and running again. Apparently it doesn't work like that!
I'll bet many others aren't aware of the hassle they'd go through should they have any sort of issue with Google Authenticator. This post should have more visibility so as to ensure they'd know about this.
Now, once you sort all this out, use authenticator +. It allows encrypted backups to Google drive and drop box so you can easily restore if something goes wrong. You can import Google authenticator accounts too if you have rooted device.