XDA Basics: How to set up Google Authenticator on your new Android phone
Enabling two-factor authentication adds an extra level of security to your online accounts. The Google Authenticator app is an easy way to get and manage the passcodes that are needed for this. In this guide, you’ll learn how to set up Google Authenticator on your new Android phone.
For this guide, you’ll need:
- A recent iOS or Android phone
- The Google Authenticator app
- Your log in credentials ready
How Two Factor Authentication Works
Usually, it takes only a username and password to log into your accounts. This way, it’s very easy for someone else to log in and compromise your accounts when they know your account credentials. Two Factor Authentication (2FA) makes it harder to get into your accounts. Once enabled, an additional one-time code is required when logging in, so knowing just your password and often-public username isn’t enough to get into your accounts.
While choosing SMS delivery might seem more convenient, it’s safer to use an authenticator app that manages and displays all your codes since SMS messages are easier to fetch by third parties. 2FA passcodes are meant to be used once and they change every 30 seconds. For codes to be generated following cryptographic methods, an internet connection isn’t needed.
Alternatively, some services allow you to confirm a prompt that’s shown on your smartphone instead of entering a code. While almost any recent Android phone will support this type of prompt for logging into your Google account natively, some other services such as Adobe might require you to download an additional app.
Getting started with Google Authenticator on Android
First of all, install the Google Authenticator app from the Play Store on your new phone. When opening the application for the first time, tap on “Get started” to skip the introduction. Next up, Google Authenticator will ask you to set up your first account. This can be done either by scanning a setup code or entering the setup key provided on the service’s settings page. In order to set up 2FA for your Google account, head over to this account settings page. Having added your account, Google Authenticator will guide you to the app’s home screen.
On the home screen, you’ll find a list of all the accounts added and the two-factor authentication passcode beneath. The animated circle next to it shows you how much time is left before the code expires. To add another account, tap the floating plus button on the very bottom of your screen and choose whether to scan a setup code or manually enter the 2FA setup key.
Moving your Passcodes to a New Phone
When moving to a new device, you might want to transfer your accounts to avoid setting up 2FA all over again. In order to move Google Authenticator to a new phone, open the Google Authenticator app on your old device. Then open the overflow menu by hitting the three dots in the top right corner. Tap on “Transfer accounts” and choose “Export accounts”. Confirm your screen lock and choose the accounts to export. Next up, Google Authenticator will show a QR code.
At this point, it’s time to grab your new phone, choose the “Import accounts” option on the transfer screen and scan the code from your new phone. Your accounts will automatically be transferred to your new device in the next step. Alternatively, you can tap on “Import existing accounts?” on the setup screen when first launching the app.
Alternatives to using Google Authenticator
Google Authenticator is an easy-to-use authenticator app. Still, it still has some weaknesses. For example, your accounts are not automatically being synced across devices and when moving to a new phone, you need to manually initiate the transfer process. This also means that losing your phone might lock you out of your accounts.
Some of the alternatives that do have cross-device syncing include Authy and TOTP Authenticator. Remember that you’ll have to trust these applications since your account secrets aren’t stored locally but on the respective developer’s server. Authy encrypts your accounts, while TOTP promises to only store your data in your own Google Drive so that it cannot be accessed by the company.