
Extract Secret Keys from Google Authenticator QR Code.


If you are reading this article, I’m sure you are aware that the QR codes generated by the Google Authenticator app when transferring accounts are unreadable by other similar applications capable of generating the TOTP codes. For example, applications like Authy, Microsoft Authenticator, LastPass, or 1Password, to name a few, will return an error message when attempting to scan the QR code.

The whole idea of extracting Secret Keys from Google Authenticator came about when I wanted to export my Google Authenticator accounts to 1Password. To my surprise, 1Password could not read the QR codes generated by the Google Authenticator app, and I did not have the Secret Keys.

I had two choices: visit each account secured with Two-Factor Authentication and rescan the QR codes with 1Password, or try to extract the Secret Keys from the Google Authenticator QR codes. I immediately discarded the first option because of the many accounts I have in the Google Authenticator app and the hours it would take to visit all the sites.

Having only one option left, I started my research. I quickly found a simple solution in the form of decoding software that is easy to use and does the job of extracting Secret Keys from Google Authenticator QR codes very well.

Exporting Google Authenticator accounts.

To export Google Authenticator accounts, select the Transfer Accounts option from the Google Authenticator menu, followed by the Export Accounts option.

Transfer accounts option in the Google Authenticator.
Select the Transfer Accounts option from the GA menu.
Export account option in the Google Authenticator.
Select the Export Accounts option and follow the guide.

You can either generate a QR code for each account in Google Authenticator or select them all as a batch, which will produce one or more QR codes depending on the number of accounts you have chosen. The method of extracting the Secret Keys presented in this article works either way, but exporting all accounts at once will save you a lot of time.

Extracting the data from the QR Code.

The first thing I needed to do was extract the data embedded within the QR code using a mobile phone camera.

Most modern mobile phone cameras can read QR codes, but if yours doesn’t work for some reason, then download the most popular QR Code Scanner app from the app store and use this instead.

We can do this in several ways, but my favorite was to take a picture of the Google Authenticator QR code using my spare phone. I then pointed my primary phone camera at the QR image I had just taken until the link appeared at the bottom of the screen. The QR scanner my camera uses reads the data encoded within the QR code and returns it as a hyperlink. Clicking that link will open the browser where we can copy the data from the address bar.

Get your spare phone and take a picture of each QR code generated by the Google Authenticator app. Remember that the screenshot option is disabled when using the Google Authenticator app; you will need a spare phone, digital camera, a webcam, or a third-party screenshot app to take the picture.

Exporting Google Authenticator to 1Password.
The QR codes are generated by the Google Authenticator app when exporting all accounts at once.

As long as the device you used to take the pictures of the QR codes has a screen, you are good to go. Otherwise, send the images to your computer or another device where you can display them on the screen.

You can see the example of me pointing the camera at the QR code image captured using my spare phone below. Notice the red arrow pointing at the data extracted from the QR code.

Taking a picture of the Google Authenticator QR code.
Extracting the data embedded within the Google Authenticator QR Code.

Click the link to open the browser and copy the data from the address bar into the Notepad or Notepad++.

Data extracted from the QR code.
Copy the data from the address bar and paste it into the Notepad++.

The data copied from the browser address bar should look similar to the example on the image below.

Extracted data from the Google Authenticator QR code.
Data extracted from the QR code – otpauth-migration.

The data embedded within the Google Authenticator QR code is a Google Protocol Buffers (proto3) message that has been base64-encoded. Now that we have that data, we will pass it through the decoding software, which will extract the Secret Keys and produce new QR codes.
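What that decoding step involves, as an added example (not code from the original post or from the extract_otp_secret_keys project): a standard-library Python decoder for one otpauth-migration link. The function names are hypothetical, the field numbers are an assumption taken from the publicly documented reverse-engineered export schema, the algorithm and digit-count fields are ignored, and the sample link is constructed.

```python
import base64
from urllib.parse import urlsplit, parse_qs, quote

def read_varint(buf, pos):
    """Decode one protobuf varint at pos; return (value, next_pos)."""
    value = shift = 0
    while True:
        value |= (buf[pos] & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not buf[pos - 1] & 0x80:
            return value, pos

def parse_fields(buf):
    """Yield (field_number, value) for varint and length-delimited fields."""
    pos = 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        if key & 7 == 0:                      # wire type 0: varint
            value, pos = read_varint(buf, pos)
        elif key & 7 == 2:                    # wire type 2: length-delimited
            size, pos = read_varint(buf, pos)
            if pos + size > len(buf):
                raise ValueError("truncated field")
            value, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError("unexpected wire type")
        yield key >> 3, value

def decode_migration(uri):
    """Return one dict per account found in an otpauth-migration:// link."""
    parts = urlsplit(uri.strip())
    if parts.scheme != "otpauth-migration":
        raise ValueError("not an otpauth-migration URI")
    data = parse_qs(parts.query)["data"][0].replace(" ", "+")  # raw '+' parses as ' '
    accounts = []
    for entry in (v for k, v in parse_fields(base64.b64decode(data)) if k == 1):
        f = dict(parse_fields(entry))         # assumed: 1=secret 2=name 3=issuer 6=type
        secret = base64.b32encode(f[1]).decode().rstrip("=")
        name, issuer = f.get(2, b"").decode(), f.get(3, b"").decode()
        uri = f"otpauth://totp/{quote(name)}?secret={secret}&issuer={quote(issuer)}"
        if f.get(6) == 1:                     # assumed: type 1 = HOTP, 7 = counter
            uri = uri.replace("//totp/", "//hotp/", 1) + f"&counter={f.get(7, 0)}"
        accounts.append({"name": name, "issuer": issuer, "secret": secret, "uri": uri})
    return accounts

# Constructed sample, not a real account: one hand-built TOTP entry.
_ENTRY = (b"\x0a\x0aHello!\xde\xad\xbe\xef" b"\x12\x11alice@example.com"
          b"\x1a\x07Example" b"\x20\x01\x28\x01\x30\x02")
SAMPLE_URI = "otpauth-migration://offline?data=" + quote(
    base64.b64encode(b"\x0a" + bytes([len(_ENTRY)]) + _ENTRY + b"\x10\x01"))
```

The base64 blob is only an encoding, not encryption: anyone holding the link, the text file it is pasted into, or a photo of the export QR code holds every Secret Key in it.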

Download the Secret Key extraction software.

Note: Although I have used the software below successfully, I am not the owner of this software, nor do I have any affiliation with the author. You are using the software at your own risk.

Follow the link below and download the ZIP file to your computer.

extract_otp_secret_keys

Extract Secret Keys from Google Authenticator software on github.
Downloading the software ZIP file from GitHub.

Once downloaded, unzip the archive on your desktop and open the directory.

The directory listing the QR code Secret Keys extraction software files.
Files of the Secret Keys extraction software.

Install Python on your computer.

Make sure to check the Readme file, which will list the requirements for the software. For example, when I was writing this article, Python 3.8 was the version I had to install.

Open the Microsoft Store, type Python in the search box, and press enter.

Python 3.8 in the Microsoft Store.
Installing Python 3.8 from Microsoft Store.

Click the version of Python listed in the Readme file and install it.

Installing Python 3.8 version required for the Secret Keys extraction tool.

Close the Microsoft Store window once the installation has finished and open the directory with the software.

Preparing the data for Secret Keys extraction.

Go back to the directory with the software and open the example_export.txt file in Notepad or Notepad++. Select everything and delete the sample data. Then, copy the data we extracted earlier from the Google Authenticator QR code, paste it into the text file, save it, and close it.

Note: If you have more than one set of data extracted from multiple QR codes, make sure each set is on a separate line.

The encoded data extracted from the QR code.
Each red box represents a set of data extracted from a single QR code generated by the Google Authenticator app.

The software we will use to extract the Secret Keys from the Google Authenticator QR code is a console tool. Type cmd in the folder address bar and press Enter to open the command line window.

Opening CMD within the directory.

If you’ve done everything correctly, you should see the command line window like the one below.

Command line window that points to the Secret Keys extraction software.
Command line window.

Now that we have our data ready, we must install the dependencies to allow the software to decode the provided data and extract the Secret Keys.

Get back to the command line window, and type the following commands one after another, remembering to press Enter after each command.

  • pip install protobuf
    • Press Enter.
  • pip install qrcode[pil]
    • Press Enter.

The first command installs the Google Protocol Buffers (protobuf) package required for the software to decode the data. The second command is optional and allows the software to generate a QR code for each account it decodes. You will then have your Secret Keys and new QR codes that any 2FA software can read, unlike the QR codes generated by the Google Authenticator app.

Windows command line window.
Installing dependencies for the QR code Secret Keys extraction software.

Extracting Secret Keys from the encoded data.

Finally, we are ready to run the software and extract the Secret Keys. Get back to the command line, type or paste in the following command, and press Enter.

  • python extract_otp_secret_keys.py -p example_export.txt

If all went fine, you should see the results in the command line window. The software extracted the Secret Keys and generated a new QR code for each account.

Extracted Secret Keys from Google Authenticator QR codes.

Can you screenshot Google Authenticator QR codes?

You will not be able to take a screenshot of the Google Authenticator app using your phone’s built-in screenshot option. However, downloading a third-party application from the app store will allow you to circumvent this security feature. The other option, which I used in the example above, is to use a spare phone to take pictures of the Google Authenticator QR codes.
