Understanding Two-Factor Authentication
Two-Factor Authentication (2FA) is an authentication method that allows users to better secure their accounts by requiring two different authentication factors to log in. For example, requiring not only a password but also a one-time code. Users can receive one-time codes through text messages, emails, or an authenticator app.
To enable 2FA for an account, users typically follow these steps:
- Log in to the desired account
- Select the option to enable 2FA for that account
- Using an authenticator app, scan a QR code or enter a setup key
- Enter a one-time code to prove they have correctly installed the 2FA token
Step 1 — Exporting 2FA Tokens from Google Authenticator
As of 2023, Google Authenticator does not support users exporting 2FA tokens to be used in other authenticators. However, it does allow for transferring 2FA tokens to Google Authenticator on other devices by generating one or more migration QR codes which contain 2FA token data. These migration QR codes can be decoded to obtain their 2FA tokens which can then be imported into other authenticators.
In the Google Authenticator app, tap
Transfer accounts, then
continue. For each QR code shown, take a screenshot and send to your computer.
On your computer, make sure Homebrew is installed:
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Install zbar to decode migration QR codes:
$ brew install zbar
Install go to install otpauth:
$ brew install golang
Install otpauth to derive 2FA tokens QR codes from migration QR codes:
$ go install github.com/dim13/otpauth@latest
Navigate to a directory containing just the Google Authenticator migration QR codes. Then create a Bash script and make it executable:
$ touch create-2fa-token-qr-codes.sh
$ chmod +x create-2fa-token-qr-codes.sh
Update the script’s source to:
# For each migration QR code image file
for migration_qr_code in *.PNG; do
# If there are any migration QR code image files
if [[ -f "$migration_qr_code" ]]; then
# Decode migration QR code
migration_uri=$(zbarimg --raw --quiet "$migration_qr_code")
# If migration QR code was successfully decoded
if [[ $? -eq 0 ]]; then
# Generate and save a 2FA token QR code to "out" directory
$HOME/go/bin/otpauth -qr -link "$migration_uri" -workdir "out"
Run the script to generate 2FA token QR codes:
Step 2 — Importing 2FA Tokens into Dashlane
- On your phone, open the Dashlane app
- Navigate to
- For each QR code in the
outdirectory on your computer:
- On your phone, search Dashlane for the corresponding login
- Tap the item, then
Add 2FA token
- Scan the QR code displayed on your computer with your phone
Before you delete the now-redundant 2FA tokens from Google Authenticator, I recommend comparing one-time codes from both apps to make sure you imported them properly. If the codes do not match it may indicate you added a 2FA token to an incorrect account.