A simple, secure, and purely client-side web tool to extract One-Time Password (OTP) secrets from Google Authenticator and LastPass Authenticator QR code exports.
https://mfcarroll.github.io/extract-otp-web/
- Load from Google Authenticator bulk QR codes
- Load from LastPass Authenticator bulk QR codes
- Load from regular otpauth QR codes
- Load from LastPass Authenticator JSON export
- Display individual OTP secrets and QR codes
- Save to CSV
- Save to JSON
- Export to Google Authenticator bulk QR code
- Export to LastPass Authenticator bulk QR code
- Scan direct from camera
Google Authenticator lets you transfer your accounts to a new phone, but it doesn't provide an easy way to export them to other apps like 1Password or Bitwarden. This is because it hides the original "secret" (the QR code you first scanned) for each account.
Without these secrets, moving to a new password manager means manually re-configuring 2-Factor Authentication for every single account, which is a huge pain.
While other tools exist to solve this, they often require technical steps like running scripts or installing software. This tool is designed to be a simple, secure, one-click solution that runs entirely in your browser.
This tool reads the QR code screenshots from Google Authenticator or LastPass Authenticator's export feature and gives you back the original secret for each account. You can then use these secrets to import your accounts into any other authenticator app.
-
Export from your One-Time Password App:
Export from Google Authenticator:
- Open the Google Authenticator app on your phone.
- Go to the menu and select "Transfer accounts" > "Export accounts".
- Select the accounts you wish to export.
- Take a screenshot of each QR code that is displayed.
Export from LastPass:
- Open the LastPass Authenticator on your phone.
- Click on the cog and select "Transfer accounts" > "Export accounts to QR code".
- Take a screenshot of each QR code that is displayed.
(For lastpass, you can also choose "Export accounts to file" and upload that instead. This tool supports both formats.)
-
Extract Secrets:
- Open this tool in your web browser
- Click "Select QR Code Image(s)" or drag and drop your screenshot(s) onto the page.
-
Use Your Secrets:
- The tool will display the extracted OTP secrets, each with its own QR code and secret key.
- You can now import these secrets into your preferred authenticator app or password manager.
Security and privacy are the top priorities of this tool.
- Nothing you upload ever leaves your device. All processing happens locally, right in your browser.
- Your QR code images and the secrets they contain are never sent to any server.
- This tool is open-source and the code can be inspected by anyone to verify its safety and methodology. It is hosted on GitHub pages, providing a secure and transparent deployment process.
- For maximum security, you can download the source code from GitHub and run it on a local, offline machine.
This project is built with Vite.
- Node.js (version 18 or higher recommended)
- npm, pnpm, or yarn
-
Clone the repository:
git clone https://github.com/mfcarroll/extract-otp-web.git cd extract-otp-web -
Install dependencies:
npm install
-
Start the development server:
npm run dev
-
Open your browser to the local URL provided.
This tool was created by Matthew Carroll, a developer who was frustrated with the process of migrating OTP codes from Google Authenticator into other password managers.
It was made possible by building on the work of several open-source projects, including:
- Extract OTP Secrets, the python script by Roland Kurmann, on which this tool is based.
- Aegis Authenticator, for the Google Authenticator export protobuf specification.
- Google Authenticator Exporter, another python script solution to the same problem.
The user interface and QR code processing are powered by these excellent open-source libraries:
- jsQR for decoding QR codes from images.
- protobuf.js for decoding the Google Authenticator data payload.
- pica for high-quality image resizing.
- QR Scanner for scanning QR codes using the camera.
- node-qrcode for generating new QR codes for each account.
- thirty-two for Base32 encoding the OTP secrets.
- Font Awesome for the icons used in the UI.
Gemini Code Assist was used during the development of this tool. All AI-generated code has been carefully manually reviewed.
The development of this tool was made possible in part through the support of Stand.earth. If you find this useful, please consider making a donation to support Stand's work.