WordPress – Locating the Google Authenticator Login Token

I accidentally wiped the data on my Android device losing all my Google 2-factor authentication tokens.

Using the Google Authenticator plugin for WordPress by Henrik Schack meant I was now unable to login to my blog. In order to login to my blog, I would need to either erase the plugin removing the 2-factor authentication (rm wp-content/plugins/google-authenticator/), or obtain the secret key and add the secret key back to the Google Authenticator application on my Android device. Rather than erase a plugin I wanted to use, I started searching for the key. Unfortunately, I wasn’t able to easily find this information.

I manually started searching through the WordPress database and found the secret key under the usermeta table in the field called googleauthenticator_secret. Providing this key to the Google Authenticator application allowed the application to start generating the login tokens again and allowed me to log back into my blog!

Hope this helps somebody else in the same situation!

1 Comment on “WordPress – Locating the Google Authenticator Login Token

  1. It might be of interest that we have recently published another plugin for strong authentication. It prefers usability to security so you can either login with a password or with one-time code.

    If you’re on a secure network, you may want to use just your password but open your smart phone when connected through an insecure WiFi (cafe, train, …).

    We tested it with a few smart phone apps: Google Authenticator, Pledge, DS3 OATH, AWToken so you don’t have to rely on Google completely.

    Try to search for S-CRIB OTP Authenticator in the list of WordPress plugins (http://wordpress.org/extend/plugins/s-crib-otp-authentication/ ).

Leave a Reply

Your email address will not be published. Required fields are marked *