How to transfer 2 factor authentication to new phone

Google Authenticator is an increasingly important tool for many of us. It adds two-factor authentication to vital accounts by ensuring you need to use your smartphone to enter a randomly generated key alongside your usual password. 

With great power comes complications, though. For instance, what happens if you need to switch smartphones? Fortunately, it's fairly easy to transfer Google Authenticator to a different device, even if it might feel a little nerve-wracking. 

We're on hand to guide you through the steps required to switch your Google Authenticator over to a new phone. The biggest rule to remember: don't delete Google Authenticator from your old phone until it's successfully transferred across.

Now we've got that key point out of the way, let's show you how to do it.

How to transfer Google Authenticator to a new phone 

Whether you're using an Android phone or iPhone, the process is very similar now. Here's what to do. 

1. Open Google Authenticator.

2. Tap the three dots in the upper-right corner to bring up a drop-down menu.

3. Tap Export Accounts. On some devices, this may also be called Transfer Accounts but the same process applies.  

4. Tap Continue or Export Accounts to get past Google explaining what it means to export an account. 

5. On some devices, you may need to confirm your identity again, either via Face ID, fingerprint ID or by entering your phone's password or PIN.

6. Choose which accounts you wish to transfer to your new device. You don't need to transfer them all at the same time but if you plan on selling or discarding your old phone, you almost certainly want to transfer everything to be on the safe side.

7. Tap Export. Still not sure if that's what you want to do? Don't worry. You're still not committed to anything! 

8. A QR code will appear and your screen will get much brighter. Scan that code with the Google Authenticator app on your new phone to get it added on. To get to that point, you need to tap Get Started on the new phone before tapping Import Exist Accounts. Tap Scan QR code before scanning that QR code on your old phone. You'll need to do this for each account but Google Authenticator simplifies the process by listing each barcode as you go along.

9. Once you've done all that, on your old phone, tap next to move onto one of the last steps.

10. Now you can choose whether to remove all the exported accounts or whether to keep them on your old device. If you plan on using your old device, it could be worthwhile keeping them. If you're looking to sell it though, delete them. Also, don't forget that the more devices you have set up for Google Authenticator, the less secure it may be. Obviously, that's assuming someone has your phone password. 

I don't have my old phone any more. What do I do? 

Lost your old phone or it doesn't work any more? Don't worry. There are still ways for you to regain Google Authenticator and use it on a new device. 

If you have backup codes, you can enter those on your new device and you're good to go. Not sure where you put them? Log into your Google Account then click Security. From there, scroll down to 2-Step Verification and enter your password. On the next page, scroll down to Backup Codes and click on Show Codes to get your pre-existing backup codes to add to the new device.

There are 10 codes and each of them can only be used once. It is possible to generate new ones though by clicking on Show Codes then clicking Get New Codes.

Why should I use Google Authenticator? 

If you're reading this, you almost certainly already have Google Authenticator set up. However, if you're trying to learn more about how it can help you out, well, it protects your data and identity.

Passwords are rarely enough to keep your most important accounts safe. A brute force method or some clever social engineering can mean that someone can figure out your password. If there's a second level of defense, you're far more protected.

Some websites and services encourage the use of codes sent via SMS to keep threats out but this isn't as secure as Google Authenticator. That's because a phone number can be spoofed and cloned, so a truly determined hacker can still gain your information. 

For the average user, that's less likely to happen but it's still possible. With a quick-to-install-and-use app like Google Authenticator, you can gain some considerable peace of mind. 

When you’re switching phones after an upgrade or an accident, the job of checking up on your two-factor verification apps can get lost in the hustle of transferring photos, contacts, messages, and all the other stuff that more quickly comes to mind. Without your security codes, though, you might get locked out of your key online accounts—here’s how to make sure that doesn’t happen.

Virtually every app and account of note now has two-factor enabled—that’s undoubtedly for the best, but it does place a lot of importance on your phone. You should always make sure your backup access methods are secure and current as well, just in case: with Facebook, for example, that might mean identifying some trusted contacts who can help you get back into your account.

If you use codes sent over SMS, life is a bit easier, particularly if you’re keeping the same number: Your codes will turn up on your new phone as normal. SMSes can be intercepted though, so we’d recommend switching to app-generated codes if you can. If you use SMS codes and change your phone number, make sure the new one is registered with whatever apps or services it needs to be before you lose access to the old one.

While all this might seem an unnecessary amount of hard work, it’s a small price to pay for the extra security that two-factor offers, and you’re unlikely to upgrade your phone more than once a year or so anyway. Work through your apps one by one, and make sure you’ve safely switched over all of them before ditching your old phone.

Google

Google Authenticator for Android and iOS is the mainstay of Google’s approach to two-factor for its accounts, and if you’re switching to a new phone then you need to get the app installed and activated on it. You don’t necessarily need to deactivate or delete the app on your old phone, though it’s recommended to be on the safe side.

As per Google’s instructions, dive into your account on the web and get yourself a backup code—pre-generated codes that unlock your account—just in case it’s needed (click on 2-Step Verification). Then download and install the Authenticator app on your new phone. Back on the web on the 2-Step Verification screen, click Change phone under the Authenticator app heading, then follow the instructions.

You’ll be asked to scan a barcode in the Authenticator app on your new phone (tap the red plus button to do this), which will then be verified. The codes from the app on your old phone will no longer work at this point.

Google recently added a new prompt option to replace or work alongside the Authenticator app, which you can see on the 2-Step Verification screen—this simply brings up a prompt on any device linked to your Google account that you have to hit confirm on, no separate apps needed.

The Authenticator app also works with other third-party apps and services, so you can use it to generate codes for more than just your Google account.

Apple

Apple has made the switch from two-step verification to two-factor authentication, terms that are generally used interchangeably by everyone else. Essentially, it means two-factor tech is now built into macOS and iOS, and you need one “trusted device” (one that Apple knows is yours) to log in anywhere new.

While the more modern system doesn’t use SMS codes anymore (and with good reason, as they can be intercepted), it does rely on your phone number. If you’re switching to a new iPhone, then all you need to do is make sure your mobile number is correct by logging into your Apple account on the web.

Click Edit next to the phone numbers in the Security section, and add your new number (you can even add a trusted friend’s number as well, just to be on the safe side while you set up your new iPhone). As long as these are accurate, you should be okay.

Most of the time you’ll be upgrading from one iPhone to another, with the same number, in which case iOS does everything for you (you’ll still need your account password of course). If you are switching SIMs, add your new number via your Apple ID account on the web. There are no apps or codes to mess with, as there are with Google, but then Apple only has to worry about its own operating systems.

Microsoft

Microsoft, like Google, has an authentication app you can install for Android and iOS. The best way of switching the phone you need to log into with is to simply install the app on your new device while keeping your old one available until you’ve made the switch.

Everything is managed through your Microsoft account on the web. Click Security, then More security options to configure this: Choose Set up identity verification app, then follow the instructions on screen—you’ll need to sign in using your Microsoft account credentials on your new handset, then, of course, verify your identity again using the two-factor authentication system.

If you’ve got the old app still installed on your old phone, you can simply tap once to approve the request and confirm your new phone as a recognized approval device. If you don’t have your old handset, you can get a code sent to one of your registered phone numbers or email addresses.

The account and device connections involved in two-factor authentication are why it’s always important that your registered details are always correct—one day they might be the difference between being able to get into your account or not. Make a note of alternative login methods, and make sure you’re always covered.

Other accounts

As we’ve already said, a whole host of apps and accounts now work with two-step authentication, so we won’t go through every single one here. The important point is that you remember you need to make the switch for these as well. If possible, keep your old device around until this has happened, and make sure your backup recovery information is all correct, just in case it’s needed.

A bunch of apps and services—from Facebook to Reddit—now very politely let you use any two-factor authenticator app you want, like Google Authenticator or Authy, to manage your codes. These apps typically work offline, and some (including Authy) let you sync your codes across multiple devices, making the process of switching to a new phone a lot easier (you just set up your new phone as a second device, then deactivate the original one).

We’d recommend an all-encompassing two-factor app just for convenience and security’s sake, keeping all your codes in one central stronghold, but you’ve still got the option of choosing dedicated apps if you prefer to keep everything separate.

In the case of Yahoo accounts, it’s the Yahoo Mail app for Android or iOS, and you can verify your new phone using the app on your old phone. From the new device, you can then manage which devices can confirm future logins by opening the app menu, tapping the key next to your account name, then choosing Manage Account Key. If you no longer have your old account, you can use email or SMS as a backup verification method.

In the case of Facebook accounts, if you want to use the Facebook app itself for your codes, it’s just the same: Install the Android or iOS app on your new phone, and use your old one to confirm your identity before wiping it (you can do this even if you’ve already swapped the SIM over). Again, if you’ve lost access to your old device, Facebook offers a variety of alternative login options on the web. Trying to sign into accounts that aren’t mobile-only is definitely easier if something goes wrong.

Should you get stuck, ask the app developer for help: Blizzard recommends removing its authenticator from the old device first, then adding the app on your new device (if you’ve lost or sold the old device, you need to contact Blizzard directly). For Steam, meanwhile, you can verify the authenticator app on a new phone using your existing cell number, but if that number is changing, you need to disable the original authenticator first.