Recently I’ve had to start using two-factor authentication (2FA), both for my AWS account and Bitcoin wallets. It seemed like there were two main options for apps to run this: Google Authenticator and Authy. Initially Authy looked like a good bet, as it could sync across multiple devices, including smart watches, but it turns out this convenience means the security is weakened – to the point that Coinbase advised users not to use it! Google Authenticator goes the other way: it is extremely secure, but if you lose or reset your device, the settings, and potentially access to your accounts, are lost.
The only way to avoid this situation is to make a backup of your access codes at the time you add them to Authenticator. You can do this either by writing down the seed key or by taking a screenshot of the QR code. It is not advisable to keep these backups with your phone or readily accessible on an online computer, as this is one of the keys to your account. I prefer to print off a couple of copies, write, with a pen, which account the QR code is for, and file them away separately. I also keep another copy on an encrypted memory stick. If you are using 2FA to access an online account and have not backed up your access codes – you should do it now!!!
When you get a new device, or wipe your existing device, it is just a case of re-scanning the QR code into Google Authenticator from your backup. You can test your backups by scanning them into Authenticator again, either on your existing device or a separate one – they will give the same six-digit code as the original. To test that nothing was linked to my iPhone, I also installed Authenticator on my old iPhone and was able to log into my AWS account – AWS is ideal for testing 2FA, as you can create a dummy account with 2FA enabled, without running the risk of losing access to your main account.