In this article, I will describe the steps I took to move my existing 2FA accounts from Google Authenticator to Bitwarden Password Manager by extracting the Secret Keys from the Google Authenticator QR codes.
For years I have been using Google Authenticator without realizing how difficult it will be to switch to other applications that also support 2FA authentication.
Only recently I decided to move my 2FA accounts from the GA app to 1Password just to find out that it is impossible without knowing the Secret Keys used to set up the account in the first place.
To export Google Authenticator to Bitwarden, you have to extract the Secret Keys and generate a new set of QR codes using an extraction tool capable of decoding and extracting data from the Google Authenticator QR codes.
Can Bitwarden be used as Authenticator?
Bitwarden offers the same functionality as other popular authenticator apps like Google Authenticator or Authy.
Bitwarden for mobile devices can scan the QR codes and generate six-digit TOTP codes. However, the desktop version of the application does not have a QR code scanner and relies on Secret Keys to be typed manually when adding an account.
The problem of exporting TOTP accounts from the Google Authenticator app.
The issue you encounter when moving Google Authenticator accounts to Bitwarden is similar to other applications like 1Password, Authy, or Microsoft Authenticator.
I have described this problem in detail in my related articles, so this time I will just highlight the specific problem with the Bitwarden Desktop app. For a full explanation, please follow the article below.
The Google Authenticator app Transfer Account option generates the QR code that then can be scanned using another device with the GA app installed on it to transfer the selected account.
The problem lies in the way GA encodes the data in the QR code making it unreadable by any other application capable of generating 2FA codes like Authy for example.
The desktop version of Bitwarden is even more affected by this problem, as the app does not have the option to scan the QR code in the first place.
In order to add the 2FA account to the desktop version of Bitwarden, you have to manually type the Secret Key.
If you haven’t saved your Secret Keys during the new account setup in the Google Authenticator app, the only option remaining is to extract the Secret Keys from the QR codes generated by the app when using the Transfer Account option.
You may think that you can use a mobile version of Bitwarden to simply scan the QR codes generated by the Google Authenticator app Transfer Accounts option and the new account will sync with the desktop app.
As I have already mentioned, the QR codes generated by the GA app can only be scanned using another GA app.
Go ahead and try now if you have a spare device, the Bitwarden mobile app will return an error message like the one below.
In this case, extracting the Secret Keys is the only option you have.
Extracting Secret Keys from the GA app.
I have already described the process of extracting the Secret Keys from the GA app,
Make sure to read my related article on how to extract the Secret Keys from the Google Authenticator QR Codes before continuing with this article.
The steps described in the article above are crucial for successfully exporting your 2FA codes from the Google Authenticator app to Bitwarden.
If you don’t like to read a long article, I have also created a YouTube video describing the process in detail. Still, I will highly suggest reading the article before watching the video tutorial below.
Exporting TOTP codes to Bitwarden.
If you followed my other article or the video above, you should have everything you need to export your 2FA TOTP account from the Google Authenticator app to Bitwarden.
You should have a new set of QR codes with the Secret Keys alongside in the windows console.
The extracted data should look similar to the picture below.
At that stage, the only thing remaining is to either scan the QR codes using the mobile version of the Bitwarden or type/paste the Secret Keys manually in the desktop version of the app.
The one thing worth mentioning is that some apps like Authy or 1Password struggle to scan the QR codes from the windows console (image above) due to the reveres colors – white QR code on the black background.
After my tests, It appears that Bitwarden is not affected by this issue, and you should be able to scan the codes as they are.
However, if for some reason the app will not be able to scan the QR codes, the solution is very simple.
Select the QR code you would like to scan in the windows console, this will force the app to reverse its colors back to a black QR code on a white background – see the image below.
Hopefully, that article helps you to move all your 2FA TOTP codes to Bitwarden where they could be managed much easier.
And remember, you can use the same technique to move Google Authenticator to any other app that supports the 2FA authentication using TOTP codes.