
Back Up Google Authenticator Before You Lose Your Phone

How to enable cloud sync for your 2FA codes so you're not locked out when your phone dies.

Security, MFA

I've seen people locked out of critical accounts for days because their phone died and they had no backup for their authenticator codes. Don't be that person.

Google Authenticator now syncs to your Google account. Here's how to set it up.

Why This Matters

TOTP codes are device-bound by default: the secret that generates them is stored only on your phone. Your phone breaks or gets stolen? Those codes are gone. Every account protected by those codes is now inaccessible until you go through each service's recovery process.

For some services, that's a support ticket. For others, it's days of identity verification. For some, you might lose access permanently.

Enable Cloud Sync

1. Update the app. Cloud sync requires a recent version. Check your app store.

2. Open Google Authenticator. Tap the menu (three dots) → Settings.

3. Find the sync option. Look for "Account sync" or "Sync with Google account."

4. Sign in. Authenticate with your Google account.

5. Verify. Install Google Authenticator on a second device, sign in with the same Google account, and confirm your codes appear.

That last step is important. Test it works before you need it.

The Trade-off

Cloud sync means your TOTP secrets are stored in your Google account. If someone compromises your Google account, they get your 2FA codes too.

This shifts security responsibility to your Google account. Secure it accordingly:

  • Strong, unique password
  • Hardware security key or, at minimum, authenticator app MFA
  • Recovery options configured and tested
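
Added example (not from the original post): a TOTP code is computed only from the stored secret and the current time, which is why a synced second device shows identical codes and why the synced secret deserves the same protection as the codes themselves. The secret below is the public RFC 6238 test key, and the function names are chosen for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Public test key from RFC 6238 ("12345678901234567890" in Base32), not a real secret.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP using HMAC-SHA1, the common default for authenticator apps."""
    # Setup keys are often shown lowercase, in groups of four, without padding.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    # The moving factor is the number of 30-second steps since the Unix epoch.
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks the offset.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, unix_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Service-side check that tolerates +/- `window` steps of clock drift."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + d * step, step), submitted)
        for d in range(-window, window + 1)
    )


if __name__ == "__main__":
    now = 59  # fixed timestamp from the RFC test vectors, so output is repeatable
    phone = totp(RFC_TEST_SECRET, now)
    # A second device that received the same secret via sync, typed in display form.
    second_device = totp("gezd gnbv gy3t qojq gezd gnbv gy3t qojq", now)
    print("phone:", phone, "second device:", second_device)
    print("codes match:", phone == second_device)
    print("service accepts code:", verify(RFC_TEST_SECRET, second_device, now))
```
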

When Sync Doesn't Work

Some accounts don't use standard TOTP. If a code doesn't sync, the account might use:

  • Proprietary tokens (some banks)
  • Push-based authentication
  • Time-synced hardware tokens

For these, check if the service offers its own backup mechanism or supports multiple registered devices.

Alternatives

Authy has had cloud sync for years. It also supports encrypted backups and multiple devices natively.

1Password and other password managers can store TOTP codes alongside passwords. Keeps everything in one place.

Hardware keys (YubiKey) for critical accounts eliminate the phone dependency entirely.

Key Takeaways

  • Enable Google Authenticator sync before you lose your phone
  • Test by installing on a second device and verifying codes appear
  • Synced codes are only as secure as your Google account - protect it
  • Consider Authy or password manager integration for additional backup options
  • Hardware keys eliminate phone dependency for critical accounts

Written by Bar Tsveker

Senior CloudOps Engineer specializing in AWS, Terraform, and infrastructure automation.
