QR code for 2 factor authentication

I was migrating all my 2 factor authentication keys to my new phone the other day, and I realize that the representation of different keys in Google Authenticator is different. In Google Authenticator, there are 2 places for labels for each key. One is above and one is below. Some of the keys I have doesn’t show the label above. Therefore, I decided to take a look at the reason behind it.

The key Uri format

As you may know, a QR code is just a way to encode and represent a string. All the QR codes that you scan to add your 2 factor authentication keys to your Google Authenticator are just formatted Uris. The key Uri has the following format


For the TYPE, it’s usually totp. The LABEL is what you see below your one-time password in Google Authenticator. It’s used to describe what this key is for. As for the PARAMETERS, there are two important parameters. First is the secret parameter. This parameter is the actual key. If you decode the QR code, you can see that it’s actually the same as the key for manual entry. Second important parameter is the issuer parameter. This parameter is optional, but it contains issuer information. This is for the label displayed above your one-time password.

An example for a valid key Uri would be


If you encode this kind of string into a QR code, Google Authenticator should be able to recognize it.

Formatting your Google Authenticator

Now that you understand the key Uri scheme, it’s pretty easy to format the keys in Google Authenticator such that all 2 labels are displayed nicely. You just need to download the original QR code, decode it into a string. Then you can edit the information or add any information that is missing. Then you encode it into a new QR code, and let Google Authenticator scan it. Voila, now everything becomes nice and tidy in your Google Authenticator app.


comments powered by Disqus