Transferring 2FA Tokens from Google Authenticator to Dashlane

November 23, 2023

Understanding Two-Factor Authentication

Two-Factor Authentication (2FA) is an authentication method that allows users to better secure their accounts by requiring two different authentication factors to log in. For example, requiring not only a password but also a one-time code. Users can receive one-time codes through text messages, emails, or an authenticator app.

To enable 2FA for an account, users typically follow these steps:

Log in to the desired account
Select the option to enable 2FA for that account
Using an authenticator app, scan a QR code or enter a setup key
Enter a one-time code to prove they have correctly installed the 2FA token

Step 1 — Exporting 2FA Tokens from Google Authenticator

As of 2023, Google Authenticator does not support users exporting 2FA tokens to be used in other authenticators. However, it does allow for transferring 2FA tokens to Google Authenticator on other devices by generating one or more migration QR codes which contain 2FA token data. These migration QR codes can be decoded to obtain their 2FA tokens which can then be imported into other authenticators.

In the Google Authenticator app, tap Menu, then Transfer accounts, then continue. For each QR code shown, take a screenshot and send to your computer.

On your computer, make sure Homebrew is installed:

$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Install zbar to decode migration QR codes:

$ brew install zbar

Install go to install otpauth:

$ brew install golang

Install otpauth to derive 2FA tokens QR codes from migration QR codes:

$ go install github.com/dim13/otpauth@latest

Navigate to a directory containing just the Google Authenticator migration QR codes. Then create a Bash script and make it executable:

$ touch create-2fa-token-qr-codes.sh
$ chmod +x create-2fa-token-qr-codes.sh

Update the script’s source to:

#!/bin/bash

# For each migration QR code image file
for migration_qr_code in *.PNG; do

    # If there are any migration QR code image files
    if [[ -f "$migration_qr_code" ]]; then

        # Decode migration QR code
        migration_uri=$(zbarimg --raw --quiet "$migration_qr_code")

        # If migration QR code was successfully decoded
        if [[ $? -eq 0 ]]; then

            # Generate and save a 2FA token QR code to "out" directory
            $HOME/go/bin/otpauth -qr -link "$migration_uri" -workdir "out"
        fi
    fi
done

Run the script to generate 2FA token QR codes:

$ ./create-2fa-token-qr-codes.sh

Step 2 — Importing 2FA Tokens into Dashlane

On your phone, open the Dashlane app
Navigate to Home, then Logins
For each QR code in the out directory on your computer:
- On your phone, search Dashlane for the corresponding login
- Tap the item, then Edit, then Add 2FA token
- Scan the QR code displayed on your computer with your phone
- Tap Save

Before you delete the now-redundant 2FA tokens from Google Authenticator, I recommend comparing one-time codes from both apps to make sure you imported them properly. If the codes do not match it may indicate you added a 2FA token to an incorrect account.