When you switch to a new phone it can be a pain to add your accounts to Google Authenticator. (You are using two-factor authentication with important accounts, right?). This tool allows you to easily generate QR codes for your accounts as long as you have the secret key, without having to disable and re-enable 2-factor authentication on each account. Jul 05, 2018 The way this works is the selected website will transmit a shared secret key to you via a secure channel, which will be stored in the Google Authenticator app itself. You'll need this key for any and all future visits to the website.
Secret keys may be encoded in QR codes as a URI with the following format:
Provision a TOTP key for user [email protected]
, to use with a service provided by Example, Inc:
This Base32 encoded key 'JBSWY3DPEHPK3PXP' has the value:
Here's another example with all optional parameters supplied
Try Browser Authenticator Demo, source at https://git.coolaj86.com/coolaj86/browser-authenticator.js
Don't use this option if you can avoid it.-passphrase stringUse string as the passphrase. This can only be used if only one passphrase is supplied. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Generate gpg key without passphrase password.
Valid types are hotp
and totp
, to distinguish whether the key will be usedfor counter-based HOTP or for TOTP.
The label is used to identify which account a key is associated with. It contains an accountname, which is a URI-encoded string, optionally prefixed by an issuer string identifyingthe provider or service managing that account. This issuer prefix can be used to preventcollisions between different accounts with different providers that might be identifiedusing the same account name, e.g. the user's email address.
The issuer prefix and account name should be separated by a literal or url-encoded colon,and optional spaces may precede the account name. Neither issuer nor account name maythemselves contain a colon. Represented in ABNF according to RFC 5234:
Valid values might include Example:[email protected]
, Provider1:Alice%20Smith
orBig%20Corporation%3A%20alice%40bigco.com
.
We recommend using both an issuer label prefix and an issuer parameter, described below.
REQUIRED: The secret
parameter is an arbitrary key value encoded in Base32according to RFC 3548. The padding specifiedin RFC 3548 section 2.2 is notrequired and should be omitted.
STRONGLY RECOMMENDED: The issuer
parameter is a string value indicatingthe provider or service this account is associated with, URL-encoded according toRFC 3986. If the issuer parameter is absent,issuer information may be taken from the issuer prefix of the label. If both issuerparameter and issuer label prefix are present, they should be equal.
Valid values corresponding to the label prefix examples above would be: issuer=Example
,issuer=Provider1
, and issuer=Big%20Corporation
.
Older Google Authenticator implementations ignore the issuer parameter and rely uponthe issuer label prefix to disambiguate accounts. Newer implementations will use theissuer parameter for internal disambiguation, it will not be displayed to the user.We recommend using both issuer label prefix and issuer parameter together to safelysupport both old and new Google Authenticator versions.
OPTIONAL: The algorithm
may have the values:
Currently, the algorithm parameter is ignored by the Google Authenticator implementations.
OPTIONAL: The digits
parameter may have the values 6 or 8, and determines howlong of a one-time passcode to display to the user. The default is 6.
Currently, on Android and Blackberry the digits parameter is ignored by the Google Authenticator implementation.
REQUIRED if type
is hotp
: The counter
parameter is required when provisioninga key for use with HOTP. It will set the initial counter value.
OPTIONAL only if type
is totp
: The period
parameter defines a period that aTOTP code will be valid for, in seconds. The default value is 30.
Currently, the period parameter is ignored by the Google Authenticator implementations.