Import OTP Secrets from mobile GoogleAuthenticator?

Question

Import OTP Secrets from mobile GoogleAuthenticator?

EasyG0ing1 opened this issue 3 years ago · comments

Hello,

I wrote a Java app to keep my OTPs readily accessible on my laptop where I can quickly copy them to the clipboard automatically and use that to log into a website, rather than having to always refer to my mobile device.

The app works fine, but I'd like to take the QR image that Google Authenticator generates on my mobile device when I export my OTP accounts and import them into my Java app.

Is there a way to do this? If so, can you show me some example code perhaps? I should note that I can read the QR image just fine in my app, it's just that the string that I get appears to need some ... "interpretation" in order to decipher each of the OTP secrets.

Thank you,

Mike Sims

suhana17 · Answer 1 · Thu Sep 30 2021 05:45:48 GMT+0800 (China Standard Time)

Hello,
not sure if you found a solution but here is what I'm also exploring
https://letzdotesting.com/how-to-automate-two-factor-authentication-with-google-authenticator-using-selenium/

Michael Sims · Answer 2 · Thu Sep 30 2021 14:06:03 GMT+0800 (China Standard Time)

@suhana17 Thank you for that article, it was very good. Where I seem to be having an issue is in getting the OTP secret for each account that I have set up in Google Authenticator.

Best I can tell, that article teaches someone how to automate the passing of a single OTP password using the Selenium Chrome scripting language. And it seems to be teaching people how to authenticate to their email login specifically. If you look at their example about mid way down the page where they show TOTPGenerator class, line 10 has a hard coded totp secret which would have been obtained by the user when they enabled 2FA on their gmail account. One can obtain their top secret the first time they enable 2FA on ANY account since it is presented as a QR code when you enable 2FA.

What I am trying to do is obtain all of my top secrets from Google Authenticator for each account that I have stored in GA so that I can use them in my own application for my laptop.

Of course I could go to each account that I have in Google Authenticator and log into that account and then disable 2FA then re-enable 2FA to obtain a new secret, but that's a lot of accounts to do that with. But it looks like that will be my only option failing a response to this issue.