Authenticator apps help prevent unapproved sign-ins to accounts and services by providing an extra layer of mobile app-based security, and Google Authenticator is one of the best. But what if you lose your phone with the Authenticator app on it? Here’s how to recover Google’s Authenticator app on a lost phone, and how to protect stolen or lost data with data breach software.
Google Authenticator is very secure because it creates unique, time-sensitive codes that are linked to a particular phone and can’t be easily faked. Google Authenticator isn’t connected to the cloud, which reduces your vulnerability to data breaches.
Another advantage of Google’s code generator app is that it doesn’t require an internet or mobile service, so you don’t have to worry about being locked out of your accounts if you don’t have a connection, or your authentication data being sniffed by hackers.
But Google Authenticator doesn’t have a passcode or biometric lock. So someone with access to your phone and the relevant password could log in to your account. And even without a password, a phone thief may still be able to get your Instagram recovery code, or recovery keys for other services linked to your device.
It's difficult for a hacker to get both your phone and your password, which is the whole reason 2FA exists — but it can happen. That’s why you should use Google Authenticator in tandem with one of the best privacy and security apps.
Using the Google Authenticator app helps you keep sensitive accounts safe.
Here's how to use the Google Authenticator app:
Log in to the account you want to use with Google Authenticator.
Go to the account's security settings and select "2-step verification settings," "2FA settings," or similar, and follow the setup instructions.
Open Google Authenticator (download the app if it’s not on your phone) and scan the QR code or enter the setup key generated via your chosen account's 2FA settings.
Now that your account is linked to your device through the Authenticator app, whenever you sign in the Google code generator will give you a one-time security key which you’ll need to enter to sign in to your account.
You can’t recover Google Authenticator from a lost phone because the secret keys Google Authenticator generates are specific to the device. If you lose the phone, you lose access to the secret keys.
Likewise, anyone who finds Google Authenticator on a lost phone has access to the 2FA codes for the accounts within, which can be a problem if they know the corresponding account passwords.
Google mitigates this risk by not syncing Google Authenticator to the cloud. But this also means that if you lose your phone, or delete the app by accident, all the data is lost too — and you won’t be able to generate a Google Authenticator key to get past the 2FA barrier on your accounts.
But while you can’t recover Google Authenticator like you can recover Windows passwords or other authentication keys, you can still access your 2FA accounts if you lose your phone with the Google Authenticator app on it.
If your lost phone has Google Authenticator on it, you need to secure your accounts connected to the app by logging in with an alternate method, and resetting the 2FA settings. You should also erase your phone remotely if possible. You can then add Google Authenticator to a new phone and re-link it to your accounts.
Most services have procedures in place that let you log in to 2FA protected accounts in other ways to reset verification. Here are some of the workarounds for logging into your accounts without Google Authenticator:
Backup codes: Many services provide one-time backup codes for emergency sign-ins, in case you lose the device linked to the 2FA protocol. If you have these backup codes, you can use one to sign in.
Verification on another device: If you’re logged into a service elsewhere, you can go to the security settings and reset or disable 2FA. For instance, you can reverify your Google account if you have Google devices logged in, such as Google Home Mini or Google Nest.
SMS code: Once you have a replacement phone and new SIM card, it may be possible to request a verification code via SMS to access an account without a Google Authenticator key.
Contact customer service: If you can’t authenticate yourself any other way, customer support for your account may be able to verify your credentials and restore access.
To secure the data stored locally on your device and elsewhere, it’s important to remotely erase the contents of your lost phone, particularly if you use the Chrome browser to manage passwords on your phone. Thankfully, there are a number of failsafes in place in the case of phone theft or loss.
You can erase your Android device remotely using the Google lost phone protocol. But for this to work, your lost Android device must be turned on, signed into a Google Account, and connected to the internet. The device must also have location finding and “Find My Device” turned on.
Apple also offers a similar service for erasing your iPhone. First, sign in to your iCloud account using your Apple ID. Then click Find iPhone > Your iPhone > Erase iPhone and confirm your selection.
The sensitive information on your phone is a sitting duck if your device falls into the wrong hands. And by the time you remotely erase the contents, it may be too late. That’s why knowing how to clean up your iPhone and clear your Android cache is important for keeping compromising data to a minimum.
Once you’ve gained access to an impacted account, you can restore Google Authenticator by setting it up on a new phone. Although the specific steps will vary from service to service, the general process is the same for all types of account.
Here’s how to set up Authenticator for a Google Account on an Android phone:
Download Google Authenticator from the Google Play store and install it on your phone.
In your Google account settings, go to the 2-Step Verification section and select the Authenticator app.
Click the + Set up authenticator button and a QR code will pop up.
Tap the colored + in the Google Authenticator app.
Scan the Google Authenticator QR code on your computer screen. Then click Next.
Enter the 6-digit code from your phone and click Verify.
Here’s how to set up Google Authenticator on an iPhone or iPad for your Google account:
Go to your Google My Account page and sign in.
Tap the Security tab on the top menu and select 2-Step Verification under “Signing in to Google.”
Select the Authenticator app under “Add more second steps to verify it's you,” and tap the + Set up authenticator button.
Follow the prompts to finish setting up Google Authenticator.
After setting up Authenticator on your iPhone, you may want to set up biometric log-ins using fingerprint scans, retina scans, facial recognition, or other types of biometric data to help secure your device in the event that it falls into the wrong hands.
If you still have access to your old phone, you can transfer Google Authenticator to your new phone by using the app’s functions on both phones. If you don’t have your old phone, you can transfer your accounts to your new phone one by one — but only if you can log in to them another way.
You can’t transfer Google Authenticator to a new phone without the old phone, but you can switch your Authenticator key to a new phone by logging into the 2-step verification section of your account settings and clicking Change authenticator app.
If you have an old phone and want to move your existing Google Authenticator to a new phone, you can transfer all your accounts simply and easily through the app.
Here’s how to transfer Google Authenticator to a new Android phone, iPhone, or iPad:
Open Authenticator and tap the three-dot menu.
Select Transfer accounts and then Export accounts.
Pick the accounts you want to transfer and tap Next. QR codes with your account info will be created.
Open Authenticator and tap Get Started.
Select Import existing accounts? and then Scan QR code.
Scan the QR codes from your old phone to link the accounts to your new phone.
If the transfer worked, you’ll receive confirmation in the app. If the accounts were not successfully linked, try scanning in the QR codes again one at a time.
You can’t back up the Google Authenticator app itself, but you can create backups of your individual Google Authenticator accounts by requesting their respective 2FA backup codes through security settings, or generating a QR code of your account keys through the Authenticator app. Then take a picture of the QR code and store it securely.
While you can’t take a screenshot of an Export QR code with the verification token for your accounts, you can take a photo of it.
Here’s how to take a photo of the Export QR code on Google Authenticator:
Open Google Authenticator and tap the three-dot menu.
Select Transfer accounts and then Export accounts.
Select the accounts you want to generate a QR code for and then tap Next.
Take a clear photo of the generated QR code.
Finally, make sure to store the image of the QR code securely on another device, so that you can access your account codes even if you lose the device with your Google Authenticator app.
You can back up your individual authenticator codes on multiple devices by exporting your account codes into a QR code and then storing them in another instance of the Authenticator app. To do this, follow the same process as you would for transferring Google Authenticator from an old phone.
Having another 2FA method besides Google’s authentication app, such as Google backup codes, can let you into your account even if you lose your phone with the Authenticator app on it. Here’s how to get backup codes for your Google Account:
Click + Get backup codes.
You can take a screenshot of these Google backup codes or write them down, but make sure you store them securely. Some of the best password managers have a secure place to keep sensitive notes, such as backup keys or QR codes.
Google Authenticator doesn’t link to the cloud, but other authentication apps such as Authy, LastPass, and Microsoft Authenticator do. Using an alternative authentication app with a cloud-based backup makes it easier to recover your secret security keys, but it also makes it more likely that your sensitive information will be compromised in a data breach.
An authenticator app and 2FA help to secure your accounts and sensitive information, but they're not a silver bullet for all your data security issues. If your login credentials ever leak, Google Authenticator can’t help you secure them. That’s where Avast BreachGuard comes in, letting you reclaim control over your personal info at the click of a button.
With advanced identity theft protection including always-on data breach monitoring and an Identity Assist support team on hand 24/7, you’ll always have the tools you need to keep your personal credentials safe. Get your own personal data security detail today with Avast BreachGuard.