How to Transfer Google Authenticator to a New Phone

There are two ways to transfer Google Authenticator codes to a new phone—manually and through the sync feature. At the time of writing in early May 2023, the sync feature is not end-to-end encrypted, but Google says it plans to offer E2EE “down the line.” Keep that in mind if you want to use the sync option.

• First, to transfer your 2FA accounts manually, open the Authenticator app on your original device (iPhone or Android) and select “Transfer Accounts” from the hamburger menu.

Next, we want the “Export Accounts” option.

Select the accounts you’d like to transfer and tap “Next.”

This will generate a QR code, which you’ll need to scan with your new device.

Again, open the Authenticator app on your new device (iPhone or Android) and select “Transfer Accounts” from the hamburger menu. This time, select “Import Accounts.”

Scan the QR code displayed on your original device. The accounts will be imported and immediately available in the Authenticator app. That’s all there is to it! Now, if you have the Account Sync feature enabled—it is by default—you don’t have to do any of this manual transferring. When you sign in with your Google account in the Authenticator app on a new device, all your 2FA accounts will be synced over. You can disable the sync feature by tapping the profile icon in the top right and selecting “Use Without an Account.”

How to Use Google Authenticator on Multiple Phones

In a perfect world, 2FA allows you to confirm your credentials using a device that you carry with you all the time and only you have access to. This makes it very hard for hackers to spoof the system, because (unlike getting codes via SMS, which is not especially secure) there’s no easy way for bad guys to get their hands on a second-factor authorization delivered via a local app that exists only in your pocket.

When you add a new site or service to Google Authenticator, it uses a secret key to generate a QR code. That, in turn, informs your Google Authenticator app how to generate an unlimited number of time-based, one-time passwords. Once you scan the QR code and close the browser window, that particular QR code can’t be regenerated, and the secret key is stored locally on your phone. The sync feature added to Google Authenticator in 2023 gets around this.

Your 2FA accounts and their codes are synced with any device that has the Authenticator app signed in with your Google account. Not just the original device. However, like getting codes vis SMS, there are security concerns with this method. If someone gets access to your Google account, they could install the app and get the codes. To enable the sync feature in Google Authenticator, you simply need to log in with your Google account. Then, your 2FA accounts will be available anywhere you sign in.

Using the sync feature is very convenient to enable 2FA on more than once device at a time; just be aware of the security risks it brings with it. Google Authenticator is also not end-to-end encrypted (as of May 2023), which adds even more security concerns to the sync feature.