Yubico Forum

Yubikey vs Google authenticator - Which one is the best?
Page 2 of 2

Author:  DavidW [ Wed Dec 17, 2014 5:22 pm ]
Post subject:  Re: Yubikey vs Google authenticator - Which one is the best?

dvarapala wrote:
darco wrote:
I'm also not sure if the keys in Google Authenticator will be transferred to a new phone when you upgrade.

Worst case, the secret used by the Google Authenticator app can be manually transferred to a new phone if necessary.

You cannot read the secrets out of Google Authenticator unless the phone is rooted or you somehow gain direct access to the device's memory. If you change device and don't have copies of the secrets (e.g. hard copies of the QR codes), the easiest thing is to disable and re-enable two factor authentication on each of your accounts.

If you want to transfer secrets between devices and hold them more securely on your device, try the Authenticator Plus app . The companion Authenticator Plus Import app that reads your credentials from Google Authenticator only works on rooted devices, and serves as proof of concept as to the security issues of storing credentials on a rooted device. I don't root my Android devices.

The best approach for me is to store all secrets that I use actively in a secure element (my Neo), with offline copies kept under multiple levels of encryption. I don't have my digital certificates, my OTP credentials or my PGP key and its subkeys stored on any device in a readily usable format.

Author:  henrik [ Thu Dec 18, 2014 8:40 am ]
Post subject:  Re: Yubikey vs Google authenticator - Which one is the best?

I just wanted to add a third advantage of Yubico Authenticator over Google Authenticator (and Authenticator Plus): It's open source.

Page 2 of 2 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group