Many people woke up recently to the news that their iPhone’s Google Authenticator app had been automatically updated with an improved look and some bug fixes. Unfortunately it also came with a bug that wiped all previous authenticator data. Ouch!
This issue is just an irritant to some users, who would be able to restore from a recent backup automatically by iTunes, but I’m betting there are users who didn’t have a recent backup or hadn’t done one since they had last added an authenticator.
When was the last time your device backed up? And when was the last time you checked to see if it would restore properly?
We put a lot of faith into automatic recovery systems, and when things work, they can work well. But when they don’t, it’s too late and can cause a lot of headaches.
Two-factor authentication (2FA) is becoming a necessary feature of so many sites and services, but it must be treated like all security systems, it isn’t infallible. You need to ask yourself the worst case, “What would I do if I lost my phone?”.
If you had lost your house keys, hopefully you or your spouse/partner/roommate would have a spare (backup) set, or you could call a locksmith to let you in. It’s inconvenient, but not the end of the world. No one imagines they aren’t ever going to get back into their house because they lose a key.
There is of course the other aspect, which that now potentially someone has access to your keys (if they were stolen or just found) and your house is not as secure as it was before. You might consider changing the locks.
No different with the Google authenticator app on your phone. If you lose the phone, or the data within it, you need to be able to get it back quickly and possibly treat it as a security risk.
So how do you back up your phone?
With an iPhone, you have two choices. Backup when syncing to iTunes (or manual backup) and the automatic iOS backups to iCloud. The iCloud backup is the simplest for most people, which is done daily but only when you are connected to the internet and on to a power source. If you go into Settings > iCloud > Storage and Backup, at the bottom you can see when the backup was last done.
Android has a similar approach. Google services running on your phone keep an automatic backup of your app settings to their servers. If you go into Settings, choose your Google Account, you can see when the last sync was done. If you click that, you can also check what is being synced, and you need to make sure it includes App Data. This includes your authenticator data.
For Android, there are also 3rd party options that can give you much more control over the backup and restore process. For instance, you could selectively restore one app at a time, and even choose from a history of backups. Something not possible with the automatic Google approach. Apps like Titanium Backup or Carbon can do low level backups, although you’ll get the best features if your phone is rooted.
Check your phone is making recent backups. Make manual backups. Don’t lose the keys.
Photo credit: Mark Hunter