How-to: Move from Google Authenticator to Aegis
Tagged: guide python hacking
Moving off Google Authenticator had been on my TODO list for a long time. A growing sense of unease, maybe even distrust, was at the root of it. But change is hard and nothing better caught my attention.
Then, Aegis appeared in my RSS feed. It looks like a solid open source alternative. Its github repository looks legit and actively maintained. This event lit a fire in me and I sat down to finally move away from Google Authenticator.
Immediately, I hit a wall: there's no simple way to transfer the tokens from Google Authenticator and into Aegis. Authenticator can only export the tokens as one or more QR image. Aegis can import either an Aegis backup or an Authenticator database. The latter requires a rooted Android.
Typing tokens by hand is out of the question because it's senseless toil. Rooting my phone is out too because it would involve too much time.
I decided to capture the Authenticator QR exports and turn them into a series of QR images, one for each token. Then, I could simply scan each image with Aegis and save the token. The whole process was simpler than I thought it would be.
The Simple 8 Step Process
What you need:
- A computer with a webcam.
The process goes as follows:
- Install a program to read QR codes from a webcam. For Linux,
- In Google Authenticator, select the option to export your tokens from the menu. It will display one or more QR codes.
- Fire up
zbarcamor its equivalent and use it to read each QR code that Authenticator displays. Each QR code should output a string beginning with
- Save each string to a separate text file, eg.
- Download and extract github.com/scito/extractotpsecret_keys. It's a python script that can parse the output strings and turn them into QR images.
- Install its dependencies:
pip install protobuf qrcode[pil]
- Run the script against each text file from step 4, eg.:
python extract_otp_secret_keys.py -s qr1. This will create a separate PNG QR image for each token
- . NOTE: some tokens may be displayed in the terminal, so don't clear it!
- Use Aegis to scan each QR code output by the script.