Securely transferring 2FA Apps

Safeguarding Your Business: The Security of Transferring 2FA Apps to a New Phone

Security of information is a constant concern, especially when it comes to protecting sensitive information. Security is a concern for our private information and is legislated requirement for information businesses hold in regard to their clients.

There is information we are allowed to store, and some that privacy laws forbid us from storing.

What it all points to is the need for secure storage and for systems that demonstrate good governance.

This has led to 2 factor and multi-factor authentication being the norm for accessing cloud based storage. This includes for accessing what might be considered our simple apps, such as email.

2FA adds that extra layer of security, but what happens when you get a new phone?

Transferring data and apps from one phone to another is a pretty simple process with modern systems and phones.

Typically, as you start the new phone it will take you through a procedure that leads to using your new phone to simply scan a fuzzy image on the old phone, and the system takes over.

However, the process of transferring these 2FA apps and their associated codes from one phone to another is not quite as straightforward. This blog explores the security implications of moving your 2FA setup from an old device to a new one, focusing on the differences between Google Authenticator and Microsoft Authenticator, and what that means to your business in terms of systems and being seen to protect data as best you can.

(Please contact us and discuss having us assist you in this process to make sure that security protocols are followed, and to make it easier for you to do.)

Google Authenticator

Google Authenticator is popular due to its simplicity and wide adoption. It provides a relatively straightforward process for transferring your accounts from one device to another.

When you switch to a new phone, Google Authenticator allows you to move your accounts by scanning a QR code generated by the old device. This process is user-friendly, but the automatic nature of the transfer process does not provide the highest level security.

Because the transfer is largely automated, there’s a reliance on the assumption that the old device is secure at all times. If someone gains access to your old phone, they could potentially initiate a transfer without further verification, placing your accounts at risk.

Moreover, Google Authenticator doesn’t require additional identity verification steps beyond scanning the QR code. This means that if someone else were to access your QR code, even briefly, they could duplicate your 2FA codes onto their device without your knowledge. This lack of additional security checks might be fine for personal use, but for a business handling confidential data, this could present significant risks.

Microsoft Authenticator: A More Secure Alternative?

Microsoft Authenticator, is designed with a protocol that is considered more secure. While it may be slightly less convenient than its Google counterpart, it compensates by providing, what might be considered, more robust protection during the transfer process.

One of the key advantages of Microsoft Authenticator is its requirement for a cloud backup, which is encrypted and tied to your Microsoft account. When you set up a new device, you don’t just automatically transfer your 2FA codes. Instead, Microsoft Authenticator requires you to sign in and verify your identity—typically through a password or biometric authentication—before any transfer can be completed. This additional layer of security ensures that only you can restore your 2FA codes on the new device.

The manual nature of this process, while adding a few extra steps, significantly reduces the risk of unauthorised access. If your old phone is compromised, the intruder would still need to pass through these identity checks to access your 2FA codes on a new device. This feature is particularly valuable for businesses that must protect sensitive client information or proprietary data.

Furthermore, the cloud backup feature in Microsoft Authenticator means that even if you lose your phone, your 2FA codes are not lost. They remain securely stored and can be restored once your identity is verified. This contrasts with Google Authenticator, where losing your phone without having backed up your 2FA accounts has a higher chance of causing disruption.

What Best for Your Business?

As a business owner, ensuring the security of your two-factor authentication setup is crucial. While the process of transferring your 2FA apps might seem like a minor task, the potential risks involved in choosing convenience over security could have serious consequences.

We always advise, from a technical perspective, to opt for the more secure alternative, while realising that every person and business needs apps and processes that best suit them.

Please contact us to discuss the best authenticator, and steps for protection, for the data you keep and your business.

Where to find more information

Loyal I.T. Solutions provides advice and implementation of the right hardware and software for your business. We are here to help. Please contact Loyal I.T. Solutions at 02 4337 0700 or reception@loyalit.com.au.