MS Authenticator app feature request: export to file / import from file

New Contributor

I really enjoy using the authenticator app, but I'm worrying about my phone getting stolen and losing access to all of the accounts associated with it.

 

I see there is a cloud backup feature, but I have issues with it: (1) if it requires a strong login, that's an issue when my phone is stolen, because I also can't receive text messages anymore, or (2) if it doesn't require a strong login, that's also an issue, because anyone with my personal email + password could recover my MS authenticator data too.

 

To me it seems like the cloud backup feature was intended for moving the account between phones, not as actual backup.

 

To get an actual backup, I would like to be able to manually export the app data* to a file (possibly with password encryption), so that that file can then be imported by another phone in the event of phone theft. I can then put my pw (or an unencrypted backup file) in my locally stored password manager, and safely allow my phone to get stolen ;)

 

* everything required to generate the one-time tokens including private keys. So not a token that gives access to cloud storage.

 

@Alex Simons_ @Olena Huang 

7 Replies

I think that would be a poor solution to the problem.

Compare how the Google Authenticator accounts migration implementation works. It's a simple and slick 2 step process. I was done in under 10 seconds!

Why request an archaic solution to this problem?

@George McDonald 

 

How does the google authenticator immigration implementation solve this problem? I'm not familiar with it, and from what I can find online, there are many different overlapping features on this topic.

Maybe there's a better solution, but I just don't know about it!

@Jeroen12

I explained everything in my initial request to MS on the matter, to which you commented at a point in time (hence the alert in my mailbox).

In short, this is how the GA process works:
1.) On the existing Mobile GA app >>> Tap settings >> Transfer Accounts = You are presented with a QR Code.
2.) On the new Mobile GA app >>> Click the + symbol >>> Scan a QR code = All your accounts have been transferred from old to new! Done!

I use both apps, so every time I get a new phone I have to feel the pain with the MS app and ask myself the Q, why don't I just spend the time to move all my Auth. accounts to Google Authenticator and be done with MS.....I cant find a reasonable reason not to, other than never having the time.
While it does sound like a useful feature, it's for solving a different problem than I'm describing. I want a backup for when I lose access to my current phone + phone number.
Ohh ok, I thought you are referring to it as a means of migration.

Backups or means of account recovery are typically handled at the account level by means of Backup/Recovery codes and solutions of a similar kind, per account. I'm not aware of a solution that exists at an app level that would encompass all of your accounts. These auth solutions are app permission at the account level, after all.
Ah that makes sense. Recovery provided on the account level would work.
Unfortunately not all services offer them. I started out by looking at Paypal, who don't offer backup codes. Just now I came across 3 pages of users complaining about it: https://www.paypal-community.com/t5/Managing-Account/Backup-codes/td-p/1812619/page/3
I suppose we can't blame the MS Authenticator app if the services don't properly implement backup codes...
Sure.

I do agree that most of these solutions are lacking in what should be basic feature sets to both migrate and recover from the obvious "accidentally loss, or damage of a mobile device".

However, one has to consider the balance of security vs. convenience, as if you make it very convenient to get access to sensitive information and create backdoors on this level of app, you are opening the doors to the whole castle for a would be malicious person.