Google Authenticator and second device setup

I have two-step verification setup for a Gmail account. Its currently running on an iPhone.

I'm trying to setup the same on an iPod while retaining the setup on the iPhone. (I often like to shut off the phone and carry my music).

I'm at the Manual Entry on the iPod, and trying to locate the required key (I can't offer a screenshot because of broken/incompatible Apple software).

Install Google Authenticator tells me to enter the secret key on your computer screen into the box next to Key and tap "Done". Looking at the 2-Step Verification Settings Page, there is no key on the page:

enter image description here

Where do I find the needed key?

jww

Posted 2014-04-17T00:34:17.333

Reputation: 1

Just scan the QR code on multiple devices during setup. If you have already set up 2FA with one device, first disable it in the settings of the (web) service, then delete it from your Authenticator app and repeat the setup process (this time with both devices). Before entering the first code and completing the setup, make sure both devices show the same codes. – caw – 2019-08-16T20:46:25.413

Answers

I only wanted to post this because though it is similar to @Achilleas's answer, there is an official answer from Google that is actually harder to find (cannot be linked to directly and has lower google search ranking) than this StackOverflow question:

Setting up Google Authenticator on multiple devices

You can set up Google Authenticator so that you can generate verification codes from more than one device.

Make sure that you have Google Authenticator downloaded on all devices that you want to use.

Go to the 2-Step Verification page.

If you've already set up Google Authenticator for your account, delete that account from Authenticator so you can start fresh. If you have not yet set up Google Authenticator, skip to the next step.

Follow directions as usual to set up 2-Step Verification for the mobile app, making sure to either scan the generated QR code or enter the generated secret key on all devices that you want to set up.

Check to make sure that all devices are working correctly by entering the verification codes from each device and clicking Verify. Then click Save.

Google Authenticator does not generate App Passwords. If you are prompted by an application for a new password after turning on 2-Step Verification, you must sign in using an App Password.

Note: If you have iOS 8.3 on your device, you will no longer have to use App passwords to use 2-Step Verification.

It makes no constraints on types of devices and by being from google the previous claim that it is officially unsupported no longer holds. Also, the Note regarding App passwords is actually a good qualifier if you own an device that is not updated to recent iOS releases.

mpacer

Posted 2014-04-17T00:34:17.333

Reputation: 570

8Since the approach is officially described in Google's documentation, I deleted the original answer which calls it unofficial and speculates about device compatibility. This answer is both more complete and points to the correct documentation. – Achilleas – 2016-07-28T08:46:41.733

2I don't get it. "If you've already set up Google Authenticator for your account, delete that account from Authenticator so you can start fresh. If you have not yet set up Google Authenticator, skip to the next step."

Where do I delete the account from Authenticator? Does that mean I have to set up all my 2FA accounts that I have in my current Authenticator app again? – pors – 2017-07-16T13:56:10.320

@pors No definitely not, you just delete the one account that you need to regenerate the code for. Your other 2FA accounts that already exist in Authenticator stay as they are. To delete one account click the pen symbol top right, tap the circle next to the account you want to delete, then press Delete down the bottom. – TripleAntigen – 2018-01-03T13:05:32.047

You shouldn’t delete the account from the Authenticator app before having disabled 2FA in the settings of the service (e.g. Gmail), should you? – caw – 2019-08-16T20:47:26.313

I had this issue too a while back. My solution was to switch from Google Authenticator to Authy. It supports the same sites (since both GA and Authy use the same algorithm) and also has some extra features such as Sync, passcode lock and a browser plugin. (And it looks much nicer if you ask me).

Authy is free and works on iOS and Android.

(I have no affiliation with Authy, other than that I'm a happy user)

EDIT 2019-07-24: Actually, just use a password manager that can do OTP for you. It's safer than depending on SMS (like pointed out in the comments to this answer)

cascer1

Posted 2014-04-17T00:34:17.333

Reputation: 1 762

6Authy needs a telephone number, and uses telephone number as your identity. Which means your security now actually depends on how telecom companies SMS network secure. I wouldn't buy it. – Eonil – 2017-07-09T16:43:06.957

Keep in mind that it is not super difficult to set up your own "tower" to serve as a telecom connection in order to intercept SMS messages. – Lyndsey Ferguson – 2019-07-23T14:18:12.790

Authy's one-time-password security does not depend on SMS or cell provider. Your keys are either on device, or locally encrypted from your master password then backed up to cloud. If someone SIM-swapps you, they can't decrypt. – Vimes – 2019-09-19T01:14:51.140