Google Authenticator – How to Backup for Moving to a New Device

Recently I’ve had to start using two-factor authentication (2FA), both for my AWS account and Bitcoin wallets. It seemed like there were two main options for apps to run this: Google Authenticator and Authy. Initially Authy looked like a good bet, as it could sync across multiple devices, including smart watches, but it turns out this convenience means the security is weakened – to the point that Coinbase advised users not to use it! Google Authenticator goes the other way: it is extremely secure, but if you lose or reset your device, the settings, and potentially access to your accounts, are lost.

The only way to avoid this situation is to make a backup of your access codes at the time you add them to Authenticator. You can do this either by writing down the seed key or by taking a screenshot of the QR code. It is not advisable to keep these backups with your phone or readily accessible on an online computer, as this is one of the keys to your account. I prefer to print off a couple of copies, write, with a pen, which account the QR code is for, and file them away separately. I also keep another copy on an encrypted memory stick. If you are using 2FA to access an online account and have not backed up your access codes – you should do it now!!!

When you get a new device, or wipe your existing device, it is just a case of re-scanning the QR code into Google Authenticator from your backup. You can test your backups by scanning them into Authenticator again, either on your existing device or a separate one – they will give the same six-digit code as the original. To test that nothing was linked to my iPhone, I also installed Authenticator on my old iPhone and was able to log into my AWS account. AWS is ideal for testing 2FA, as you can create a dummy account with 2FA enabled without running the risk of losing access to your main account.

WordPress Backups Using UpdraftPlus and Amazon S3

I had a bit of a disaster the other day – I went to link to a blog post from a few months ago and it wasn’t there! I remember writing it, and knew it had posted, because I remembered some of the comments from when it appeared on my Facebook profile. I then remembered that there had been some funny goings-on with the WordPress Mac app: I’d had a duplicate post and deleted it manually. However, now it seems like the duplicate had also been deleted.

Of course it was at this point I realised that my latest backup was a couple of months before the post and I couldn’t recover it from anywhere. I was particularly annoyed at myself because I have a thorough backup routine for my Macs and especially my photography work, yet virtually nothing for my blog. However, it was the kick up the backside I needed to sort out a decent backup routine for my blog!

Given that I was the weak link when it came to backing up my blog, I wanted something automatic that would run regularly and email me when it had completed. As with most things WordPress, there seemed to be loads of plugins available, most of them paid services. In my research I’d read good things about UpdraftPlus, so was pleased to find their free option, which is more than powerful enough for a small blog like mine.

To see if UpdraftPlus lived up to the hype, I downloaded it onto my WordPress development environment (Chassis running on my iMac) and had a play. Looking at the list of remote storage services, Amazon S3 was the obvious choice, as I already use Amazon Web Services to host my blog. Knowing the basics of cyber security, I only wanted UpdraftPlus to have minimal access to AWS, and I had got myself lost in a maze of IAM, S3 buckets, users, groups and permissions. I was on the right track, but this post on the UpdraftPlus blog told me exactly what I needed to do. The IAM Policy Simulator on AWS was also a huge help in making sure my policies were both written and applied correctly. I went for the maximum security option, which also gave me a chance to delve into the workings of S3, setting up rules to archive then delete the data after periods of time.

Once deployed and tested on my development environment, it only took a matter of minutes to get working on my live blog, giving me regular, automated backups. Now the only task left to do is to rewrite the post that got lost…