Latest Update: 2FA Hub works with WearOS 3 devices
The app for WearOS watches was changed to support Wear OS 3 devices. It was not easy (see here for details), but the most important thing is that it does work with the new devices now.
2023.06.28 Update [Obsolete]: No Connectivity to WearOS, App Suspended
Two bad things have happened lately, but a good one is that there is a free fix: [ Please use official downloads at Play Store ]
I also decided to make Wear OS watch app available for free while my dispute with Google continues:
[ Please use official downloads at Play Store ]
Sideloading the watch app can be tricky for those who are not familiar with Dev tools like ADB, but try this one: https://www.makeuseof.com/sideload-apps-wear-os-galaxy-watch and let me know if you had any problems.
Hint: download the watch app to your Dropbox account so the Easy Fire Tool can pick it up from there
Bad things:
1. Google’s bug in API 33 that they didn’t bother to fix in a year: https://issuetracker.google.com/issues/235538840?pli=1. That’s the reason why your WearOS watch can’t connect to a phone
2. Google delisted my 2FA Hub ( formerGACW ) app from Play Store quoting alleged infringement on Fitbit’s IP. I appealed, but they didn’t answer my messages. The issue is pending since 06/28/2023. I think they simply continue killing the Fitbit platform and its ecosystem this way: https://www.makeuseof.com/ways-google-ruined-fitbit/
Sorry for the inconvenience, but there is not much I can do with monopolists playing the hard ball. They still get all the money while their smaller “partners” (not really) are getting all the heat and blames 😡
I don’t have another way to distribute the app now. Probably I’ll have to create a new one if Google keeps ignoring my questions.
Purpose
An idea was to have a Google Auth/2FA TOTP Client running on all Android, Apple, Fitbit and Samsung watches with companion apps running on iPhone or Android. It includes:
- Contemporary high end Android phones running ver 6.0 or higher
- iPhones
- Contemporary Samsung Gear devices such as Gear S2, S3, Sport, Galaxy
- Apple watches
- Android Wear watches
- Fitbit Versa and Ionic watches
The major benefit is that it integrates phone’s, Wear and Gear’s 2FA apps in a single solution and allows transferring accounts between peers in any direction: from phone to watch or vise versa. There is no need for Google’s stock app anymore, because the companion includes all GA functionality and adds features that stock GA app is currently missing.
The companion allows scanning Google’s QR bar code, which is a client/server shared secret used for generating one time passwords (OTP).
In addition, the Android’s companion can be also used to backup and restore all 2FA accounts. Backups could be encrypted using a password based encryption (PBE) with HMAC signature intended for verifying backup’s integrity (e.g. signature verification will fail if a password is not valid).
Plain backups are also supported, but not recommended, since they are stored in Android’s “Download” directory that can be accessed by other applications that are granted “read storage” permission.
Using Dropbox for backup/restore operations makes syncing accounts across all your Android, Gear and Wear devices simple.
Where and How to Start
To create a 2FA account on your phone using this app, you’ll need a shared secret, which is a Base32 code generated by your 2FA provider. How to get that code depends on a provider and the code is generated at the time when you enable 2FA in your web app. Instructions for getting the code for all Google accounts are provided here:
However, those instructions change often, so the best way is to read recent 2FA enabling instructions for each provider. The app was tested and actively used with the following 2FA providers:
- Amazon
- WordPress
- Fastcomet
- DHS
- Sonic Internet Provider
- AWS
- Sophos VPN
- Google Cloud (GCP)
- G Suite
- Microsoft and their Azure products are supported with “use a different authenticator” app option that you need to chose when enable 2FA
The number of websites supporting 2FA grows fast and the list above will grow as well. Check also this to learn what other websites support TOTP: websites supporting 2FA
The following providers are known for not completely following TOTP standards or for hiding important implementation details, which makes integration with their solutions impossible:
- Symantec VIP
- Fidelity (uses Symantec VIP)
- Schwab (uses Symantec VIP)
The rule of thumb to check provider’s compatibility: if Stock Google Authenticator works, then GAC and GACW will work as well.
Compatibility with Google’s Authenticator
If a 2FA account supported by standard Google Authenticator, it should be supported by GACW mobile application as well. You can use Google Authenticator’s bulk export to generate a QR code and then import it in 2FA Hub.
If you didn’t use Google Authenticator before, you’ll need to request a new QR bar code from your 2FA provider and then scan it in 2FA Hub.
App Flavors and Their Usage
How to Choose Right App in Google Play Store
NOTE: This app has been decommissioned since 11/9/2019 due very low demand and confusion coming from not reading instructions.
There are two apps in Google’s Play store and the simple guidance below will help you to make the right choice.
- “2FA Hub – former GAC ” supports Samsung’s Gear and Android Phone. Choose this one if you want to have an authenticator that works as a standalone app on an Android phone, or if you want an Android phone and Gear app to work together. The Android app is free,
- “2FA Hub for multiple watches – former GACW” is very similar to the first one, except that in addition to Gear, it supports Android Wear, Fitbit and Garmin devices as well. It also doesn’t have any ads. Choose this one if you need support for both Gear and Wear or Fitbit and Garmin devices, don’t like ads, and don’t mind to spend $2.
- New 2FA Hub integrated with iPhones. Use this one if your mobile device is iPhone. It does require iPhone’s companion with the same name, which costs $4 in Apple App Store
How to Choose Right App in Samsung Store
There are three GAC apps in Samsung’s App store, and the guidance below will help you to to select the right one:
1. First Client for 2FA TOTP Google Authenticator without Android’s companion was created in 2015, supports many legacy devices such as Gear, Gear 2, Gear Neo, and Gear S, along with newer Gear S2, Gear S3, and Gear Sport. Use this application only is you need support for legacy devices. If you have S2, S3 or Gear Sport, consider other two choices. This app is completely free now, but is not actively supported and will be deprecated soon.
2. 2FA Hub (former GAC) with Companion was created in 2017, supports Gear S2, S3 and Sport only, and requires Android’s companion to work. Use this app if you have S2, S3, Sport, or Galaxy and like additional Android’s companion features such as bar code scanning and backups, and don’t need support for Android’s Wear and Fitbit devices.
3. “2FA Hub for multiple watches (former GACW) was created in 2018, has the same functionality as “2FA Hub”, but in addition, it also supports Android’s Wear, Fitbit and Garmin devices. Use this app if you have Gear S2, S3, Sport or Galaxy, and need support for other watches mentioned above. It’s free in Samsung store, but Android companion will cost you $2 in Play Store, so in the end the price is the same as for 2FA Hub.
4. Finally if you use iPhone, use newer 2FA Hub app for iPhone. Check the app’s description to make sure that you download the right app.
Prerequisites
Supported Phones
- All Android Phones with Android version 7.01 and higher should be supported
- iPhones are supported through a separate application called 2FA Hub, available in Apple’s AppStore
Supported Smartwatches
The following Gear devices are supported:
- Gear S2
- Gear S3
- Gear Sport
- Galaxy
- Gear Fit 2 and Pro (GACW app only)
The following Fitbit devices are supported:
- Ionic
- Versa
- Versa Light
- Versa 2
- Versa 3
- Sense
Theoretically, all Android Wear devices should be supported by GACW as well. Since there are too many different models in this category, we were not able to test all of them, so if you see any problem with your specific Wear watch model, please provide device details to us and we’ll try to fix.
Check the link below to learn about supported Garmin devices:
https://apps.garmin.com/en-US/apps/145a30f7-1f88-41dc-b8a3-676b152c7fdc
The minimum Android version to run the companion app is Android 7.0
Downloads
- Android application can be downloaded from Play Store: 2FA Hub (former GAC) or 2FA Hub for multiple watches ( former GACW)
- iPhone application can be downloaded from AppStore: 2FA Hub
- The most universal way of installing GAC application on Gear device is through Samsung’s Android Gear App: Gear App. To install GACW on your Wear watch, use Android’d Wear OS app.
- If you browsing apps from a Samsung’s Galaxy phone, you can also use direct link for GAC and GACW below to install apps on your smartwatch:
Refunds, Reviews, Donations
Please check Google’s Play Store and Samsung Galaxy App Store refund policies before purchasing any paid app. Please also notice that Google and Samsung usually charge taxes and marketplace maintenance fees that only they can refund, so contacting them for a refund is your best option.
Samsung app store refund policies: https://www.samsung.com/us/support/answer/ANS00076970/
Google play store refund policies: https://support.google.com/googleplay/answer/2479637?hl=en
PLEASE READ THE POLICIES ABOVE AND DON’T BUY AN APP IF YOU DON’T AGREE WITH THE PROVIDED RULES.
If you submit a review, especially negative one, please provide as many details as you can, so we can review and help. We’ve seen quite a few responses without any details, and helping in those cases is difficult. Please also read this wiki for a quick start.
You can provide the details either in this wiki’s comments, or send a direct email to the admin whose email address can be found in the app’s description.
Expenses for supporting various Android and smartwatches apps are much bigger than income generated by app stores so far. Real smartwatches are often required to test apps on new models. Software simulators, especially Samsung’s ones are not very good, and do not reflect the real “look and feel”
Donations
If you like this project and want to see more features and other smartwatches models supported, have your own suggestions that you want us to consider, please donate to the project using the bitcoin donation box below.
-
Bitcoin
Donate Bitcoin to this address
Scan the QR code or copy the address below into your wallet to send some Bitcoin
Why We Have Many App’s in Galaxy Store
The old GAC app supports many legacy Gear devices such as Gear, Gear II, Gear Neo, and Gear S. Since all these devices are different, they require different binaries. Samsung App Store doesn’t allow mixing companion and non-companion binary types in a single app’s distribution. That’s why new app is needed to enable companion functionality. We will gladly merge versions as soon as Samsung changes their policies (the best scenario) or when we decide to stop supporting legacy devices.
Samsung doesn’t support Samsung Accessory Protocol for iPhone’s and that requires creating a different watch app to support 2FA Hub.
Below is an error message, which is caused by an attempt to add a companion-based binary to the old non-companion style app
Adding New Account from Android on Gear or Galaxy
To add a new account from the phone you’ll need to select “Connect to Phone” menu on Gear first:
Pic 1. Menu Page on Gear
If the device is already paired with and connected to the phone through Bluetooth, an icon on the top will turn green and you’ll see the following message:
Pic 2. Gear Connected to Phone
At this point an account page should popup on the phone automatically. You can either select an existing account or tap “+” button to add a new one. Selecting ‘+’ button will bring you to Scanner page. Now you can point the phone’s camera to a QR bar code. When QR bar code is recognized, the blue border will be blinking and a scanned code will show up in an edit box located just above the camera window.
Pic 3. QR Scanner Page
Press “Send to Watch” button and the scanned account will be sent to your Gear device. You can also save the account to phone by pressing “Save” button. After an account is saved, the “Accounts” page will be displayed. Alternatively, you can get there by pressing an “Accounts” menu in the toolbar.
Pic 4. Accounts Page
At the “Accounts” page you could see a list of OTP tokens for all your accounts, and you can use the buttons on the bottom to perform the following actions (left to right):
- Send selected accounts to Gear
- Save all accounts to a backup file
- Delete selected accounts from your phone
- Restore all accounts from a backup
- Add more accounts by either scanning QR bar code or by typing a shared secret manually
Tap a token if you want to zoom it. The token will be refreshed properly in the zoomed view as well. When a color of the border becomes red, a new token will be generated automatically.
Pic 5. Zoomed Token
You can scroll accounts on this page using left and right arrow buttons on the bottom.
Changing Account’s Order
By default the accounts are stored in an alphabetic order, but it’s possible to change the order by long pressing an account name and dragging it to the new place.
Editing Account
Tap an account name in the list to edit it. It will bring you to the Scanner page where you can edit account name, the bar code, or scan the code using the phone’s camera. Press store icon on the bottom to save the account to the phone.
Backing up and Restoring Accounts on Phone
Account restore page can be reached by tapping restore button (second from the right) on Accounts page.
Pic 6. Backup and Restore
By default restore logic will try to create an encrypted backup and password will be required to decrypt the accounts and to verify a signature created by a backup. You can use plain unencrypted backup by unchecking “Encrypt backup” option in Settings, but that option is strongly discouraged. If you want your app to remember the password, use “Remember password” option in Settings.
A button located below “From Watch” title can be used to restore phone’s accounts directly from a watch.
The backups that are not needed anymore can be deleted by selecting them in the backup list and pressing a “trash” button on the bottom.
Saving accounts to a backup file is similar and has two options as well: encrypted and unencrypted backups.
Dropbox can be used to backup and restore accounts as well. Use the ‘eye’ button to see what backups are available
Legacy Backup and Restore
Legacy backup and restore are used to save or restore data in gac-codes.mp3 file that can be used for integrating with an older Gear’s GAC version that doesn’t have an Android’s companion app. Use either MP3 button on the bottom or Legacy Backup/Restore menu items in tool bar to create a backup or restore your accounts from it. The MP3 file will be created in Music directory that can be used by Samsung’s Gear App for transferring it further to your Gear device, where the file can be used to initialize the accounts through “Init from File” menu.
Working with Samsung Watch
Token Page
After accounts have been imported to the watch, they will appear in the main menu. Simply tap an account to see a token. To return to menu again tap a “list” button on the top of token page.
Account Deletion
To delete an account, tap an account name in the list and hold for a couple of seconds until it changes a color and starts buzzing. Confirm account deletion on the following screen:
Getting Help
To get more help on usage tap the “Help” item in the main menu.
Other Screens Seeing on Samsung Watch
When accounts are successfully received by Gear you’ll see the following screen:
Pic 7. Accounts Received from Phone
When messages are sent by Gear to phone, you’ll see the confirmation screen:
Pic 8. Accounts Sent to Phone
If Gear is disconnected from its peer, the green icon will turn red.
Pic 9. No Connection Page
GAC Widget
GAC widget can be used to see the last viewed account and is activated in the same way as any other Gear’s widget: you add it on home screen selecting and tapping the icon below (just swipe screens left until you see it).
Pic. 11 Adding GAC Widget
After widget is added and if a user had recently viewed an account in the GAC app, the latter account will be displayed in the widget. If there was no account previously selected by a user, the following screen will show up.
Pic. 12 Non-initialized Widget
Tap the widget to initialize it or if you want to change a previously selected account. After an account is selected, the widget will display it until another account is selected.
Pic. 13 Initialized Widget
Navigate to the home screen and slide screens left to see the GAC widget.
Adding New Account from Android on Wear
First, start GACW app on Android phone, then start the same on your Wear watch. The beacon icon will turn green on the watch and Wear OS icon will show up in phone’s app tool bar.
Select accounts on your phone and press a “Send to Watch” button or menu item. After accounts are transferred, the Android app is not needed anymore. You’ll see an account list on your Wear device:
Pic. 14 Account list on Wear
Now you can select an account from the list to see the token:
Pic. 14 Auth Token on Wear
Google Auth for Fitbit
NOTE for users with iPhones: New app called “2FA Hub” is available in iPhone’s App Store now. It makes account creation and transfer easier. Connectivity is much better than in Android’s. Give it a try!
New Features Introduced in ver 1.1.3
The following new features have been implemented in ver. 1.1.3
- App version is visible in app’s Settings (see General section)
- App auto-close timeout setting was added. By default it’s off. Edit “Auto close app after n secs” property to setup the timeout in seconds. This can be used to avoid excessive battery usage if app was not closed.
Tested Devices
The following Fitbit devices have been tested:
- Versa (real device)
- Ionic (real device)
- Versa Light (simulator)
- Versa 2 (simulator)
- Versa 3 (simulator)
- Sense (simulator)
Required Fitbit OS SDK
The first app’s version (1.0.5) was built with Fitbit SDK 1.0, which is supported by all known Versa and Ionic devices. However, starting from version 1.0.7 the SDK used was 3.1. It means that for using the latest versions of the app you’ll probably need a firmware upgrade. The minimum firmware version that supports SDK 3.1 on Versa is 32.33.1.30, for Ionic – 27.33.1.30. Updates are available in Fitbit’s mobile app when you choose your device in the dashboard. Use Settings/About on your Fitbit device to check its firmware version.
If you don’t see the latest app’s version in the Gallery, it’s because your firmware was not upgraded.
Installing Google Auth on Fitbit
Fitbit app is approved and is available in the official Fitbit Store: https://gallery.fitbit.com/details/583cf908-87d4-4ae6-9331-ca0fbffd0ff0. To find and install it:
- Open Fitbit App on Android phone
- Tap Apps icon and type “Google Auth” to a search bar
Quick Start
- Open Fitbit App on Android and make sure that your Fitbit device is visible
- Open GACW App on Android. This step could be optional if you don’t mind typing your accounts manually
- Open Google Auth app on Fitbit device
The following screen will popup on Fitbit device:
Pic. 15 No Accounts Screen
4. To quickly check if the app is functional, click top-left button. It will import a testing account from settings:
Pic. 16 Account Received
5. Press green Ok button on the right and you’ll see an account list:
Pic. 17 Account LIst
6. Tap “Test” item to see a token:
Pic. 18 Test Token
7. If everything worked as described above, you can proceed to creating your own accounts. There are two ways of doing this: using GACW Android App and typing accounts manually in Fitbit’s Android App settings.
If you can’t import testing account, most likely you have a connection problem. Read the next section to troubleshoot the connection.
Troubleshooting Connection With the Phone
If buttons on the top do not work it’s certainly a connection issue. To troubleshoot go through the following steps:
- Make sure that Fitbit device is connected through BT to phone’s Fitbit App
- Wait until sync is completed
- Start the 2FA app on Fitbit device
- Start 2FA app on phone (if not started yet)
- Tap gray beacon on watch
- Wait until it’s green
- Select accounts in 2FA app on phone and tap ‘sent to watch’ button
If 5-7 doesn’t work:
- Exit 2FA app on watch
- Exit 2FA app on phone (use power button in the app’s toolbar – it’s important)
- Start 2FA app on phone and then 2FA app on watch
- Try 5-7 again
If you’ve tried everything and connection to the phone is still not available, you can always enter the accounts manually in the app’s Settings section from the phone.
Creating Accounts Using GACW Phone App
- Open GACW, Android Fitbit App, Google Auth on Fitbit device
- Go to accounts page on Fitbit device and press beacon icon (top-right button)
- Device pairing dialogs will show on Fitbit and GACW:
Pic. 19 Pairing
4. Enter PIN from Fitbit to GACW and press enter. If paring is successful, you’ll see a confirmation message
5. Choose Ok button on Fitbit and GACW to close dialogs.
6. Beacon icon should be green on Fitbit’s accounts page. Fitbit icon will show up in GACW’s toolbar and “send to watch” button on the bottom-left will turn green. Select account that you want to transfer and press low left button on GACW to send them to Fitbit. If transfer is successful, you’ll see “accounts received” message on Fitbit.
Pic. 20 Accounts in GACW
7. Tap an account on Fitbit to see a token
Creating Accounts Manually
For each account that you want to create you’ll need:
- Arbitrary account name, e.g. “Google”;
- Shared secret in Base32 form.
- In Android’s Fitbit App find Google Auth and open its settings:
Pic. 21 Accounts in Fitbit’s Settings
2. Tap “Add Account” link and add a new account in the form: Account:SharedSecret. Make sure that there is no any errors in “Errors” section below.
Pic. 22 Settings Page
Alternatively starting with version 1.1.5
you can add optional parameters after the secret, e.g.
AccountName:f7gjhjrjaheksk6f:10:1:8
where
- 10 is a sequential number of the account in the list (use it if you want to change the order of accounts when they are displayed
- 1 indicates that HmacSHA256 will be used (default is 0, which is HmacSHA1)
- 8 length of the token (default is 6)
The full syntax of the account string is as follows:
AccountName:secret:[order:[Algorithm:TokenLength]]
3. On Fitbit’s device tap left-top button to import accounts from setting. An “accounts received” page will show up if import is successful.
Pic. 23 Accounts Page
Auto Close App
To avoid app running forever and consume battery if a user forgot to exit it by pressing “back” button, auto close feature has been implemented starting from version 1.0.8. The default timeout is set to 0, meaning there is no timeout, but it can be changed in the app Settings page on the phone.
Pic. 23 Auto close app
Known Issues
Issues that have been fixed
- An issue specific to Android 8.0 has been identified: the Android companion crashes with a Runtime Exception. The issue was attributed to the “new behavior” of Android 8.0 and is considered by many as a platform bug: https://stackoverflow.com/questions/48072438/java-lang-illegalstateexception-only-fullscreen-opaque-activities-can-request-o. That issue has been fixed in GAC version 3.4.1. Please report if you still see this problem.
- Progress bar might not work correctly on some older Android’s phone models: it didn’t go all the way to the end and didn’t refresh the tokens. The issue has been fixed in GAC version 3.4.0.
- There was a complain that camera can’t scan QR code on Pixel 2. Unfortunately, no details have been provided. Research has shown that Pixel 2 had many problems with camera in other apps as well. One suggestions was to use 16:9 resolution, which I did for Pixel2 and Pixel 2 XL devices only. Try Android’s version 3.4.5+ and let me know if it works. A ticket was opened with Google to investigate the issue, but they are very slow and I don’t have any confidence that they will ever find or fix it: https://issuetracker.google.com/issues/77754219.
Note: The latest message from Google was that it does work on Pixel and other Google devices. If you still have problems with those, please provide details. - No support for Lollipop and lower versions. I’ve created a debug version for Lollipop. Try it and let me know if it works. If it doesn’t, please provide details and a log file (adb logcat -d >log.txt). You can install it from here: https://credelius.com/credelius/app-debug.apk (simply click on the link from your phone’s browser). You’ll need to enable install from 3rd parties to make it work: Settings->Security->Unknown Sources. I’ll merge that version with the main branch if see a need for Lollipop and a positive feedback. So far I’ve seen only one user who wanted it.
Under Investigation (happens rarely)
- Sometimes tapping on GAC widget doesn’t start the GAC app. If you see “Launching app” message too long and nothing happens, just tap the widget again. The root cause of the problem has not been identified yet. It could be platform related.
- On a very rare occasion, GAC widget can stop working and won’t react on a tap. It’s not clear why it’s happening, and reproducing is not possible, since it’s a very rare event. A work around for now: long press the widget and remove it, then add again. We’ll fix as soon as find a reason. It could be platform related.
Please, I wanna buy your app but my situation is this; I have an iPhone and a Wear OS watch. I need 2FA on my watch, so can I install this app and enter de 2FA code manually on may watch without using a phone at all?
Unfortunately, for Wear OS you’ll need an Android phone to transfer accounts to the watch. I don’t have a companion app for iPhone. Sorry for the inconvenience, I’ll consider building an iPhone based companion for Samsung and Wear OS watches in the future.
If you have a Fitbit’s Ionic or Versa watch, you can try setting it up manually from your iPhone as described here: https://credelius.com/credelius/?p=241#fitbit ( see “Creating Accounts Manually” section).
I have many watches, but Fitbit is my favorite so far that I use on a day to day basis. The reason – I can charge it ones a week, unlike all others, and I bought my almost new Ionic for $70 only on ebay.
Does this work without the wear device being connected to a phone?
I understand you need the companion app to load secrets into the wear app, but once the secrets are loaded can I use the wear app to get OTP codes even if the phone is turned off/not nearby?
That’s correct, after OPT secrets are loaded, a telephone is not required to get an OTP. No connection to the phone is required. It works this way for all supported watches: Samsung Galaxy and Gear series, Android Wear and Fitbit smartwatches.
Rad! Exactly what I needed! Thanks!
One other question – will this work with the newer Samsung watches? Specifically the Samsung Watch 3? They look to be a direct replacement for the gear watches so I’m inclined to think so
I do not have this specific watch model, but can you please go to Samsung Galaxy App store to see if you can install my app (GACW – 2FA TOTP Client for Gear, Wear, Fitbit, Android) to your watch? It’s free in Samsung store. If you can, it should work. If you don’t see it, I might need to test it with the new watch model and update the app in the Galaxy App Store.
heh, the issue is I don’t have the watch, was looking at what was compatible before buying. I’ll try track someone down who has one. Thanks for being so responsive!
Ah, sorry, I didn’t realize that you didn’t have a watch. I’ve just checked the released binaries in Samsung’s App Store and saw these models supported: Galaxy Watch 3, Galaxy Watch BT, Galaxy Watch LTE. This is in addition to the older devices like Gear S2 and Gear S3, Galaxy Gear and Gear Sport.
Check also this link with very details phone/watch combinations
Hope it helps.
Hi Oleg. GACW is such a helpful app. Thanks for working on this. I am using a Samsung Galaxy Watch and have successfully set up two accounts for common services. But I fail when setting up an account for my Sophos VPN (which works on another 2FA app). I see you solved a Sophos VPN problem for another user last year and it appears that your fix is in this latest version of GACW (which I am using).
Here is my problem. While creating an account in the phone app I successfully scan the QR code and the secret is appropriately filled into the field on the scanner page. When I save the account to the phone, the app shows no OTP value for the Sophos account. When I save the account to the watch, the app shows either ‘000,000’, the appropriate OTP, or an incorrect OTP. In all cases, the number does not refresh unless I leave and re-enter the account. Any idea what’s up?
I think, I found the problem. Try simple thing before I fix the bug in a new release:
1. Edit your Sophos account in GACW on your phone (just press the list button on the right.
2. On account page unmask the shared secret and remove all %3D characters in the end of the string. Be careful – don’t delete any other characters.
3. Save the account by pressing “down arrow” on the bottom
4. Sync with your watch
5. Let me know if the fix worked, so I could provide a permanent fix with a confidence
Update: new GACW ver 1.7.7 has been just released. It should fix the issue.
Look at you! Just look at you! This solved the problem after I deleted and re-established the account. You are so helpful. Thank you! I am now recommending your app to colleagues.
I’m glad it worked for you. Please don’t forget to rate in Android and Galaxy app sores (each new version can be rated). It’ll help the app and support even more than word-of-mouth.
With the new releases for the Versa 3 and Sense, will the app be updated to work on those models? I just received my Sense, and the app is no longer available via the Fitbit app store (presuming model doesn’t match for compatibility). This is one app I used the most on my Versa 2. I really do appreciate all the work in getting 2FA to work on the smart devices. it makes thing so much easier than grabbing the phone out of my pocket all the time.
Thanks for your inquiry. I’ll need to check these two new models. Currently the app support Versa, Versa 2, Versa Light and Ionic. If the same API are supported the porting should be easy. If not, I might need to release a new version.
UPDATE
I’ve just checked the changes that Fitbit made to SDK 5 needed to support new models. It’s a disaster requiring a complete UI rewrite. I’ll try doing that, but it won’t be simple nor fast. I’ll keep you posted. My rant is here if you’re interested in details: https://twitter.com/oleggryb/status/1310420895828123648
Good news – I was able to port the app to SDK5 to make sure that Fitbit Sense and Versa 3 are supported. I’ve submitted the binary to Fitbit App Store today. Hopefully, they will release soon, but it normally takes one week before you see it in the app store.
That is awesome news. I greatly appreciate your efforts with the changes that were made to the SDK.
Hello, and thank you for an app that I use and enjoy a lot.
I have a Samsung Galaxy Watch Active 2 and as of the most recent update, I can no longer add accounts to my watch because the “Connect to Phone” menu option is missing. See the screenshot here: https://www.dropbox.com/s/7tn09byki2vlitv/Screen_20201202_082403.png?dl=0
I am able to add accounts to my phone (Samsung Galaxy A51) but cannot transfer them to my watch.
Hey Tom,
I think, I know what has happened. You’ve downloaded a version for legacy devices. It’s not even supposed to work with your watch, since I didn’t list it for Galaxy Watches, but somehow, Samsung store has made it available for Galaxy.
Please uninstall that and install this one: “GACW – 2FA TOTP Client for Gear, Wear, Fitbit, Android”
What you’ve installed was: “Client for Google Authenticator” and that’s 6 yo with very limited support.
Hope, it’ll solve your problems.
I uninstalled and reinstalled the phone app and now it appears to be working again.
On my phone (Samsung Galaxy A51), I have installed “GAC – 2FA TOTP Auth Client”, which is compatible according to the Google Play Store. On my watch (Samsung Galaxy Watch Active 2), I have “Client for Google Authenticator with Companion”, which is compatible according to the Galaxy Store. It also appears to be compatible according to #2 in the description for the other app, “GACW – 2FA TOTP Client for Gear, Wear, Fitbit, Android”.
Neither app clearly says which one a Galaxy Watch Active 2 user should use. Are you saying the one for Fitbit and Wear is the only version supported for my phone and watch? If so I’ll consider buying that one too.
You have the right combination now: Android’s “GAC – 2FA TOTP Auth Client” does work with “Client for Google Authenticator with Companion”
Another combination that works together is: https://galaxystore.samsung.com/geardetail/infogrybgc and https://play.google.com/store/apps/details?id=info.gryb.gacw&hl=en_US&gl=US
The latter will work with your watch and your phone as well, but if you don’t care about Fitbit and WearOS watches, you don’t need it. It’s still kind of experimental, while what you use is the most stable one.
Finally, I’ve recently released a version for iPhone, but this will work with iPhones only:
https://galaxystore.samsung.com/geardetail/gacwiphone and https://apps.apple.com/us/app/2fa-hub/id1538363570
Hello, thanks for the great app! Is there any chance that you can make the android app integrate with android’s authentication framework (I would like to be able to use fingerprint auth for app access vs. a pin)? Is this a possibility? Thanks!
Yes, it’s possible. There should be an unlock method though if FP doesn’t work. Need to think it through. Meanwhile – just use auth at device level, plus app level PIN.
Hi Chris,
I’ve just released GACW ver 2.1.4 with biometric authentication. It works for devices running Android 11 (SDK 30) and higher. If you have that, give it a try: go to Settings and select “Protect by biometrics”. Please provide feedback.
Thanks, will give it a shot!
Seems to work – thank you!!
Hi there. This app worked great on my Samsung Galaxy watch until recently. Now I have no “Connect to Phone” in the menu. The menu only contains Help and New Account, neither of which do anything. I tried removing the app and reinstalling it, but nothing changed. Any ideas?
Sorry to hear. Please provide details. Please let me know what app you use:
GACW
Client for Google Authenticator
Client for Google Authenticator with Companion
2FA Hub
Please also provide version: Help -> Author Info and see Version
If this is GACW, there the menu name was changed to “From Phone”
I ended up getting it working by resetting and re-pairing my watch and reinstalling everything. A bit drastic, but it worked.
To answer your query, the app is Client for Google Authenticator
Under Help, About it says Google Auth Client Version 3.6.1
Ah, that might be GACW by your images.
What is the version? Don’t you have “From Phone” menu?
That’s very old. Please make sure that you use:
3.7.1 on watch
2.1.0 on phone
Hi,
Great app I’ve been using it successfully for years.
After updating Samsung Galaxy Watch to the latest firmware GACW on the watch stays are “No connection to the phone. Try reconnecting.
I have performed a full reset of my watch simular to Draxonic, however, a connection is not being established.
I can install and transfer other data from phone to watch.
Any tips or is there something I’m missing?
Details of software, phone and watch below for reference.
GACW Version 3.7.1 on watch
GACW Version 2.1.0 on phone
Phone Samsung Galaxy S10 (SM-G9730)
Android 11
One UI V3.0
G9730ZHU4EUBA
Samsung Galaxy Watch (SM-R800)
Samsung Gear Tizen Version 5.5.0.1
Build Number: R800XXU1FUB6
Thanks
Tom
Please upgrade the phone version to the latest: 2.1.6. Please also make sure that your watch is connected through BT from Samsung’s Wear App (select your watch and tap connect menu). You should see “Connected” state in the Wear App. If you don’t see it, BT connection was not established and the watch’s GACW won’t be able to connect.
If it still doesn’t work, send an email with details to admin at gryb dot info
Please check new Beta 3.0.0. It has many new features and design. Your feedback is appreciated.
Don’t forget to backup your accounts before you try. There may be bugs that would prevent previously created accounts
Hi,
I have S20 ultra and Samsung Watch.
Watch 2fa hub connects to phone app, when I send account, it says account sent to Fibit. But Watch still says waiting for data. Please help.
Can you please write details to me to admin at gryb dot info with some pictures attached? I’ll verify internally as well
I think I know what the problem is: you use wrong watch app that is meant to connect to iPhones, and not to Androids. The watch app that you need is this: https://galaxystore.samsung.com/geardetail/infogrybgc
Please install it on your watch and try again.
Thanks. It worked.
Hi,
I have a small request, if you’re able. When you load the app, it shows the last code for a second or so before updating to the new code. This is slightly annoying, would it be to have it load a blank screen before showing the new code?
This is only really a minor annoyance, so no worries if it’s not possible. Love the app regardless, left a review on the galaxy store. Really surprised more people haven’t caught onto it yet!!
What watch app is this? GAC or GACW? Please let me know and I’ll take a look
Hi,
The watch is Galaxy Active 2. Thanks!
Whoops misread your comment,
https://apps.samsung.com/gear/appDetail.as?appId=5vz04OiR1o
This is the app I’ve got. “Client for Google authenticator”
Thanks for the clarification. I’ll take a look
Released new version 3.6.2. Will be available in Galaxy Store in a week after Samsung approves it
Amazing, thanks so much!
Any chance we can change accounts that we use to backup our codes? I accidently clicked on the wrong Google account to select for backup and now it won’t let me choose my other one. Sadly, the account I selected, says the app was trying to access a secured area and has been blocked, so I can’t backup my codes.
Also, the app doesn’t seem to update how many 2FA accounts you have added. Even after restarting, it still says my watch has no accounts and I don’t have any to backup.
This is what you can do. Use Android’s GDrive client app to download gac-codes.enc manually using the “wrong” account. Then login to the “right” account and upload the file to the root folder of GDrive. After that use restore function in the app.
I’m not sure why the app shows empty account list. It can happen if you completely uninstall app that will lead to deleting all app’s data, which includes accounts. If this happened, the only way to restore is from a backup. I hope the technique provided above will work for you
Will you be making a 2FA version for a Garmin Fenix 5 plus
It’s included to the latest version. Please let me know if you have any problems. I’ve tested in simulator only.
I applied the update last night and now I cannot see any codes on my Samsung Galaxy s20+
Sorry for that. Something has happened to the encryption key stored in Android KeyStore.Can you please restore from a backup?
I bought the app for the Samsung watch, but I can’t figure out how to bulk transfer my accounts from Google Authenticator to the phone app. When I try to scan the QR codes from GA, it doesn’t work because it is looking for a single account. GA won’t let me take a screenshot of the QR code or back up to a file. How do I bulk transfer the accounts from GA to the phone app so I can send them to my watch?
The way how I did it: I just took a picture of bulk QR code generated by Google Auth using a different device, then scanned the bulk QR by 2FA Hub
Hello.
I bought the APP from the Samgung store, I have a Galaxy Watch 3, everything installed OK. I also installed it on Android (Samsung A51). Scan a QR Code from a wordpress website (Google authenticthor plugin), everything OK. If I type the code that is on the cell phone, it authenticates. If I type the code on the watch is invalid or expired, what can it be?
Thanks for reporting.
First thing – please make sure that time is correct on your watch. If it is correct, can you please get a sample of QR code that has this problem and send it to me (admin at gryb dot info)
Strange behavior, but I need the QR to be able to reproduce.
Please make it so in the next update I can rename my accounts on the iPhone app and sync them with my FitBit Sense. Now I have three account with the same name (my emailaddress) and that is rather confusing. When I press the pencil to edit, I only can remove the accounts, which I don’t want ofcourse.
Editing was there since the first release: tap account icon on the left and edit the account name on the top. You can also edit other fields this way.
Which of your 2FA apps work with the new Galaxy Watch 4? Thanks!
Basically, the rule of thumb is: if it’s available in Samsung AppStore for this watch, it will work. If Samsung watches is all you care install these pair:
1. On watch: https://galaxystore.samsung.com/geardetail/5vz04OiR1o
2. On Android: https://play.google.com/store/apps/details?id=info.gryb.gaservices
I cannot find the app in the samsung galaxy store anymore – I have a Galaxy Watch 4
Does your app support pop up 2fa notifications on the watch?
Samsung has decided to switch to WearOS and to Google Play store for Galaxy Watch 4 and all further smartwatches. All you need now to support your watch is this application: https://play.google.com/store/apps/details?id=info.gryb.gacw&hl=en_US&gl=US
You’ll also need Google’s WearOS app to install anything on your watch: https://play.google.com/store/apps/details?id=com.google.android.wearable.app&hl=en_US&gl=US
Please let me know if you have any problems. Is not, please provide feedback/rating in Play Store.
If by “pop up” you mean 2FA push method then no, it’s not supported since it’s proprietary for each 2FA vendor.
Works great on my Samsung S9 and galaxy watch. Very good documentation on this page. Truly impressed
Thanks for using and taking time to write the comment. Please also rate the app in both Google and Samsung app stores. It will help to futher develop the product
I have a strange combination: a Samsung S6 (newest Android version supported is 7.0) and a relatively newer watch (SM-R805F). I was using 2FA on a different phone (with a newer version), which broke. For some suitable amount of mBTC, can I get the APK for an older version of the phone app? (Assuming that it would work.)
Greg,
I’ve downgraded the minimum version to Android 7.0 as you’ve asked. I hope that will solve your problem and won’t break the app for hundreds of other users.
It’s in Play Store now. The version that you need is 4.0.5. The direct link in Play Store: https://play.google.com/store/apps/details?id=info.gryb.gaservices
The app for a smartwatch that you need is this one: https://galaxystore.samsung.com/geardetail/5vz04OiR1o
It doesn’t require any changes. If you already have it installed you don’t need to do anything else on your smartwatch
BTC would be highly appreciated of course, but are very optional. Writing reviews and rating the apps in both stores is always free though and the least you can do to promote the apps:)
If something still doesn’t work, please provide details through the email that you’ve already used before.
The phone icon in garmin connect iq app is always orange, so that I cannot send code to my garmin watch…
Thanks for reporting. What is your Garmin watch model and what is the 2FA Hub version on Android: 2FA Hub/Help/About? I need this info to be able to troubleshoot
Would you ever consider porting to Amazfit devices / ZeppOS? Very reasonably priced devices and a large user base. I believe SDK is available.
Thanks for the hint and I’ll consider, but no ETA yet
Hello:
Can I restore an Android backup to an iPhone?
Yes. On Android store your codes in Dropbox. Open a Dropbox client, and find a folder where the file was stored. It should be something like /Apps/2fahub/gac-codes.enc (the file name is configurable in the app’s settings). In Dorpbox client copy the file to iPhone’s location: “/Apps/2FA Hub for iPhone/”. Use Restore in iPhone’s 2FA Hub app to restore your codes
HI there,
bought recently “2FA Hub” for my ipad (Air 5 2022). Works without issues however I can’t use Dropbox backup option. Dropbox says:
“Error connection app: This app has reaced its user limit. Contact the app developer and ask them to use the Dropbox API App Console to increase their app’s user limit.”
Is this something you (Credelius) can fix?
Thanks in advance,
Uwe
Sorry for the delay. I’ll take a look at the issue. I didn’t know that Dropbox had this limit.
UPDATE: submitted a request to Dropbox. It’s pending their review
Thanks for your patience
UPDATE2: Dropbox has approved the change and you should not have this problem anymore
PS. Please write an email to my admin account if there is a problem in the future, so I can react faster.
Hi, on my Galaxy S23 the backup and restore buttons are missing. In the security setting of the app I see only camera permissions. I think it need file access too, right? How can I repair this without loosing my trillions of 2FAs?
Thanks, William
Sorry, but Google made local storage available only for special apps like file managers. You basically have two options now: (1) copy encrypted backup to a clipboard and send with an email, or use Dropbox to store encrypted backups online. If you have an old backup file somewhere, read it as a text, send by email, open email in your Galaxy S23, select the text to clipboard and restore in the app.
Alternatively you can upload the file to Dropbox, move it to Apps/2fahub directory using any Dropbox client and then restore from Dorpbox.
You can write to my email if need more details
Please send a screenshot and other details to my admin account admin at gryb dot info
Would be nice, if you could make it working with a sense2
See #3 in this article: https://www.makeuseof.com/ways-google-ruined-fitbit/
Google kills Fitbit platform and doesn’t allow 3rd party apps there anymore
Hej, is there a chance that you implement a search function and/or longer names on the left side of the @? I have more and more troubles finding entries, number still increasing …
Thanks a lot, William
Hi William,
You can edit the name by clicking on the account icon, but I’m hesitant to increase the maximum length, because watch users will start complaining that they can’t see the full name. That’s why I recommend just name the accounts by the provider, e.g. Google, Twitter, WordPress, Paypal, Sonic, etc.
Thanks for your reply. OK, understand. I have for example about 80 synology diskstations within about 65 companies and at least 2 accounts on each. Finding the right abbreviation for Synology is hard. And synologys are just one of severals systems, where we have TOTP.
So what about a search function, at least on the phone?
Kind regards and have a great new year 🙂
William
OK, I’ll think about it