Two-factor authentication is a safe way to keep your personal information on your account safe. This type of authentication can be performed either via SMS or by using special authenticators, such as Microsoft Authenticator.
Very often when using any services for which you’ve created an account, you link the accounts to your phone. Eventually, one way or another, you’ll buy or otherwise get a new phone, because all electronic devices tend to malfunction after a long period of use.
Accordingly, in such cases, you’ll need to transfer your accounts to the new device. However, when it comes to transferring accounts with Microsoft Authenticator, things can be quite difficult.
How to explain Microsoft authenticator
Before you get to the method of transferring accounts with dual authentication, which includes Microsoft Authenticator, you need to understand what Microsoft Authenticator is all about:
Microsoft Authenticator is a two-factor authentication program. This program provides extra security for your online accounts in the form of an app.
You can see Microsoft Authenticator when you use Microsoft products or any sites and apps that use two-factor authentication with a one-time code based on time. The implication is TOTP or OTP.
How to export all your dual authentication accounts to new phone
There’s really no way to export all your dual authentication accounts and then import them onto a new phone. If it’s not Microsoft Authenticator, but for example Google Authenticator, you have to create all the accounts again, manually.
If you’re talking about Microsoft Authenticator, fortunately, this program provides a backup and recovery option.
Note that 2FA is designed in a way that makes it extremely difficult to access an account if you don’t have a 2FA code. That said, most accounts provide backup codes that can be used if your phone is lost or damaged.
If you want to switch devices, make sure you have a copy of the backup codes for each account first. This will surely come in handy if there are problems when you try to restore the accounts.
How to make backup of your 2FA accounts with Microsoft Authenticator
In order to restore the accounts on your new phone later, you need to turn on the backup option on your old phone. Only use Microsoft Authenticator. To do this:
- Open the Microsoft Authenticator app on your phone.
- Once the app loads, tap the three dots on the screen.
- From the options that appear after you tap on the three dots, select “Settings”.
- In the settings menu, find the “Backup” section.
- Under “Backup”, turn on “Cloud Backup” on your Android phone or “iCloud Backup” on your iPhone.
When you do this, if you have a stable internet connection, your accounts will immediately be saved to the Microsoft account you used when you first set up Microsoft Authenticator. The iPhone also requires an iCloud account.
How Microsoft Authenticator is working
This way you can save your account and user names. The saved information will also include the validation code and various metadata, such as backup time, will be included.
It all works in the following way:
- First, Authenticator creates an encrypted JSON Web Encryption blob JWE file, also using AES-256.
- After that, it hashes the data using SHA-512.
- Then it adds it to the JWE, and then saves the whole file and the key identifier in your account.
How to recover your 2FA accounts on new phone with Microsoft authenticator
After you’re done with the backup, install Microsoft Authenticator on the new device. You can download it from Google Play for Android or the Apple App Store for iPhone.
Remember, don’t create any accounts using Microsoft Authenticator after downloading. Don’t do this until you use the recovery tool, as it’ll overwrite the matching site accounts.
As an example, consider the following situation: let’s say you set up 2FA on your Gmail account firstname.lastname@example.org in Authenticator on your new phone. However, the Authenticator on the old phone contains the Gmail account email@example.com.
The recovery tool will overwrite the firstname.lastname@example.org account you added to Authenticator on the new phone with the email@example.com account that exists in your backup.
To use the recovery tool, do the following
- First, open Microsoft Authenticator on the new phone.
- As soon as you open the app, click “Start recovery”.
Next, you’ll see a prompt to sign in to the Microsoft account you used to back up your old phone. Your accounts will then be automatically added to Microsoft Authenticator on the new phone. It may happen that some accounts will need to be re-validated.
You may need to re-login to those accounts or scan the QR code. Microsoft Authenticator will display a message telling you to do this. This is essentially the same process you went through when you originally set up the account. So, it’s better not to use it that way before recovery.
All you have to do with Google is scan two QR codes and all of your accounts transferred instantly. The cloud backup option for Microsoft Authenticator only works with personal accounts.