To protect your privacy: email us with billing or account questions instead of posting here.

Importing 2FA from Google Authenticator

matyasrichter
matyasrichter
Community Member
edited June 2023 in Memberships

Hi!

This is a feature request for something I've come across recently.

Google's Authenticator app allows users to export and import their 2fa keys. It provides a QR code that is to be scanned by the same app on another device. The issue is, the string in this key isn't the standard "otpauth://totp/..." format, but rather a proprietary base64-encoded protobuf payload. It's still possible to decode this for importing it to 1Password, example "rev-engineered" implementation can be found in this repo: https://github.com/scito/extract_otp_secret_keys
Would it be possible to support this natively within 1Password in the future, so that we don't have to rely on a third party tool to migrate accounts to 1P?

All the best,
Matyas


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

«1

Comments

  • Hey @matyasrichter:

    Thanks for your feedback here! While I can't promise anything I can definitely see how it would be handy to import all of your one-time passwords from Google Authenticator. I've added your input to a feature request we have on the topic. Be sure to get in touch if you need anything in the future!

    Jack

    ref: dev/projects/customer-feature-requests#932

  • anirudh
    anirudh
    Community Member

    Is there any update on this feature?

    Thanks,
    Anirudh
    Economize

  • ankhazam
    ankhazam
    Community Member

    @ag_timothy , any updates on this feature? ;)

  • Hey @ankhazam / @anirudh:

    Nothing to share just yet. Thanks for sharing your interest!

    Jack

  • tycoooon
    tycoooon
    Community Member

    Would be really handy indeed 👍
    Currently I have to use a QR code scanner and a CLI tool to convert from Google format.

  • Hi @tycoooon:

    Thanks for adding your thoughts! I've added your thoughts as well.

    Jack

    ref: IDEA-I-1416

  • rekire
    rekire
    Community Member
    edited October 2022

    I'm still on the migration path and such small details make it very painful. This makes me think: When the migration is already so painful what else is implemented poorly.

    The decoded string of the tool mentioned by @tycoooon is also not detected by 1password. When I paste the secret of the URL it works smoothly.

    Off topic: I already found out that there is no support for Flutter Apps on Android. You cannot switch the type of imported Passwords. You cannot import the creation date of an imported password. Hmmm...

  • @rekire

    Thank you for the feedback. I've added your vote in favour of a feature to import 2FA QR codes from Google Authenticator to our internal tracking item for the feature request.

    I'm sorry that you've had a rocky migration. I see that you've created a separate dedicated thread regarding Flutter apps and some other points and one of my colleagues from the Android side of things will reply there. 🙂

    -Dave

  • weblogik
    weblogik
    Community Member

    Please this is a must!

    Thank you!

  • @weblogik

    Thank you for the feedback! I've added your vote as well. 🙂

    -Dave

  • nedh84
    nedh84
    Community Member

    Please add this feature! Would love to have 1Password be my one stop shop for all my password needs.

  • @nedh84

    I've added your comment to the conversation. 😊

    -Dave

  • rossumcapek
    rossumcapek
    Community Member

    Please add this feature!

  • julianzpe
    julianzpe
    Community Member

    Super important, migrating from Google Auth requires me to redo all 2FAs every time! This is a must.

    Any updates?

  • Hey @julianzpe

    Could you please elaborate on what you mean by 'every time'? Are you storing all of your OTPs in both 1Password and Google Authenticator, or performing this migration from Google Authenticator to 1Password more than once? If the former: when presented with an OTP setup code, you can scan that same code with both 1Password and Google Authenticator to add it to both. That may help speed up the process.

    I'm not aware of any immediate plans for a migration tool from Google Authenticator to 1Password, but I will continue to share the feedback here with our product team for evaluation. Thank you for the comments!

    Ben

  • julianzpe
    julianzpe
    Community Member

    @Ben, my apologies, looks like I was really lazy when writing my message.

    Let me rephrase my comment:

    When migrating to 1Password from Google Authenticator, I cannot do so in-bulk but rather need to recreate each 2FA (on its origin app). I have over 50 of them in Google Auth, so this is not an option for me. Would be ideal to have the ability to migrate them all to 1Pass.

    By 'every time' I meant that I need to recreate a 2FA for every item stored. Not the right word choice. Hope this clarifies now!

  • I see; thank you for clarifying!

    Ben

  • TambourineMan
    TambourineMan
    Community Member

    I haven't even started to be able to do migration yet, but this would be helpful.

    As an aside recently whenever I make a new Google Authenticator I take a screen dump of the QR code and store it in a VeraCrypt vault so I can add it to another device. Although last week I was very pleased to lean that I was able to easily export/import everything to a new Pixel (fortunately the old Pixel was still working).

  • @TambourineMan

    Thank you for the feedback and for sharing your personal workflow when it comes to one-time passwords! 🙂

    -Dave

  • rekire
    rekire
    Community Member

    As mentioned back in October with that tool is it possible to import the 2FA seeds without recreating it, but that is still a manual process.

  • heath
    heath
    Community Member

    Just started migrating to 1pass, and this is a pretty big inconvenience. The most painful part is removing the records from the Google Authenticator app after I've manually recreated the 2FA in 1Pass (to prevent using the wrong app). Because GA doesn't sort entries alphabetically on their edit screen. Been using this app for way too long, so I have too many entries.

    I would LOVE a bulk 2FA import option.

  • Thank you for the feedback, I've passed it along to the product team. 🙂

    -Dave

    ref: PB-31043084

  • samypr100
    samypr100
    Community Member
    edited February 2023

    It would be great if 1Password supported the "transfer account" export format Authenticator provides to export the TOTP keys. (See more here https://support.google.com/accounts/answer/1066447 --> "Transfer Google Authenticator codes to new phone")

    I've been following this issue where they've posted the links to how the reverse engineered the "otpauth-migration://offline?data=" protocol. https://github.com/google/google-authenticator-android/issues/118 and they show that apps like Aegis Authenticator to being able to decode it.

    There's a community Go implementation that decodes it https://github.com/dim13/otpauth and a NodeJS one here https://github.com/krissrex/google-authenticator-exporter. I've been able to decode mine this way, but it's a one-by-one situation which is time consuming.

    It would be nice if 1password supported converting "otpauth-migration://offline" format as it's not trivial for a non-dev to do so, although I understand the software maintenance burden of this so I'd be ok if it's an experimental importer.

  • Thanks @samypr100

    I've let the team know this is important to you.

    ref: PB-31395688

  • krischik
    krischik
    Community Member

    1Password can do 2FA codes? I have not seen that feature anywhere. Where is it hidden?

  • @krischik

    Use 1Password as an authenticator for sites with two-factor authentication Give this link a look. If you have any questions let us know.

  • bigfr0g
    bigfr0g
    Community Member
    edited March 2023

    Just started my 14 days testphase yesterday and i got really angry that it has been over a year and still no implementation from GA to 1P???

    And something like that costs 36$ per year?

  • StarterPack
    StarterPack
    Community Member

    I too would like to see this implemented

  • Kakkoister2
    Kakkoister2
    Community Member

    For myself I use 1Password as @ag_tommy suggested. One of my favorite all tie features of 1Password. Also, your TOTP seeds are automatically backed up along with your vault. I know this isn't 'true 2FA' but it is the most convenient for me.

  • DaleW
    DaleW
    Community Member

    Hi. New user transferred from LastPass. I have all my 2FA codes stored in Authy (similar to Google Authenticator). Haven't been able to work out out how to transfer these to 1Password. Would be a useful feature.