This morning I woke up about 20 minutes late because my iPhone 11 crashed overnight while sitting on my charger. That's the first time I've every had an iPhone crash. After using the “volume up”, “volume down”, “hold power button” trick, the phone came back up. I quickly installed the latest Apple update 16.3.1, just in case I’d stumbled into a bug that has been fixed.
Before I got it running again I thought about having to buy a new phone and what I might lose because I wouldn’t be able to copy the data from the old phone to the new one. I’m relying on iCloud Backup for most of the important things (photos, mostly), and all of my passwords and pretty much all of the data I care about is in git or in databases on my server, so losing the phone wouldn’t affect any of that.
But I have two factor authentication with Google Authenticator set up for several important sites, and I would have no way to get this “factor” back if the phone was truly dead. When I upgraded to this phone several years ago I sent back my previous phone to Apple and didn’t realize Google Authenticator “data” only exists on that one device. Oops. Sort of the point, if I’d thought about it.
Google Authenticator has a mechanism for transferring its data to a new device. You click the three dots in the upper right corner, choose “Export accounts”, then scan the QR code that shows on the screen with the new device.
Instead of scanning it, I took a screenshot, edited the photo, downloaded it to my computer, converted it to a PNG, encrypted it to plain text, added it to my password store, then deleted the image. This is sort of overkill since I'm encrypting the image data, then my password manager is encrypting it again. Alternatives include converting the image to text using uuencoding, or Eric Raymond's PNG to text converter, but doing it this way only requires tools I'm always going to have (GNU Privacy Guard and pass)
Here’s what the process looks like.
# Convert to a PNG (probably not necessary, but it's *data* so...) $ convert -quality 100% IMG_0112.jpeg google_auth_qr_2023-02-15.png # Encrypt $ gpg --encrypt --armor google_auth_qr_2023-02-15.png $ rm google_auth_qr_2023-02-15.png # Add to password store (-m means multi-line) $ cat google_auth_qr_2023-02-15.png.asc | \ pass insert -m Internet/google-authenticator/qr_2023-02-15.png $ rm google_auth_qr_2023-02-15.png.asc
If I ever need to recover it in the future, I do the reverse, which looks like the following.
$ pass Internet/google-authenticator/qr_2023-02-15.png > /tmp/foo.png.asc $ gpg --decrypt /tmp/foo.png.asc > /tmp/foo.png