CRU Solutions | Cleveland Managed IT Services & IT Support -

How to Safely Transfer 2FA Authenticators to Your New Phone

How to Safely Transfer 2FA Authenticators to Your New Phone

How to Safely Transfer 2FA Authenticators to Your New Phone

You have a new phone!  Remember to take these few extra steps to safely transfer your 2FA authenticators (not as much fun as your photos and videos, but necessary).

2FA Authenticators

2FA (also called multi-factor) authenticators help keep your online accounts secure.  Using 2FA changes the security requirements for using the app.  It forces you to provide at least two proofs of identity when accessing a secure service. Those two forms of authentication can come from any combination of at least two of the following elements:

  • “Something you know,” such as a password or PIN
  • “Something you are,” such as a fingerprint or other biometric ID
  • “Something you have,” such as a trusted smartphone that can generate or receive confirmation codes (the authenticator app).

You may have more than one authenticator, and you may also have several different apps that use the same authenticator.  That’s why it’s necessary to transfer them properly so you don’t find yourself locked out of your accounts.

Microsoft and Google Authenticators

Since Microsoft and Google are among the most common authenticators, we’ll talk about those here. For both, make sure the authenticators on your old phone are the most current version, and back them up before you begin the process.

Make sure you have a copy of the backup codes for each account before you attempt to change your authenticator device. You’ll then be able to use those if you experience any issues when trying to recover your accounts.

How to move your Microsoft Authenticator step-by-step.

How to move your Google Authenticator step-by-step. 

After you’ve safely transferred your 2FA authenticators to your new phone, use them carefully.  A newer tactic called “prompt bombing” can take the form of receiving repeated notifications on your phone to confirm a sign-in. The goal is to annoy and wear you down so you approve the sign-in, allowing the bad guys to break through the 2FA. If you didn’t initiate a sign-in, deny any notification asking you to allow it.

If you’d like to know more about how CRU Solutions can help keep your business safer, contact us.