Google Authenticator QR Decoder

A decoder that extracts the otpauth:// URI from a Google Authenticator, Authy or any other authenticator QR screenshot. The image is decoded directly in your browser tab via JavaScript — no /decode endpoint exists for this tool. Useful when switching from Google Authenticator to Aegis (Google's app has no plain export), backing up a fresh 2FA enrollment into a password manager, or restoring TOTP entries to a new phone.

How to use

1
Get a QR screenshot

Some authenticators let you re-display the QR (e.g. Authy "Show QR"). Or take a screenshot of the QR shown when you first enrol a new service.

2
Upload it here

Drop the screenshot or click to browse. The decoder will find the QR inside the image and extract the otpauth:// URI.

3
Verify the live code

Compare the 6-digit code shown to the one in your old authenticator. They should match.

4
Add to a new authenticator

Scan the re-rendered QR into your new app, or copy the secret into a password manager for backup.

🔥 Trending right now
🗣️ Text to Speech Video Enhancer ✂️ Trim Audio Audio Enhancer 🎭 Voice Changer 🎙️ Vocal Remover 🎬 Create Video from Audio 🎬 Trim Video

Recover the secret behind a 2FA QR code so you can migrate accounts between authenticator apps

Drop a QR screenshot or click to browse
PNG, JPG, WebP, GIF ·
or
Loading QR decoder…

Decoded entry

— — — — — —
Refreshes in s
Scan into your new authenticator
Open Aegis, Authy, 1Password or your preferred app, choose "Add account → Scan QR", and point at the QR below.
Copied
Don't know what to try?
450+ free tools — open a surprise
🎲 Surprise me

Features

Decodes in your browser Full otpauth:// parsing Live TOTP preview Re-render as fresh QR Paste URI fallback

FAQ

Where do my QR image and 2FA secret go?

The image is decoded by JavaScript on the page; the decoded secret stays in your browser tab until you close it. We collect anonymous performance telemetry (decode timing, format detected, success/failure) like every Timbrica tool — see our Privacy Policy. For long-term secrets you can load the page once with the network on, then disconnect and re-do the decode offline.

Why would I want the secret?

To migrate between authenticator apps (Google Authenticator → Aegis is the most common, since Google's app has no plain export). To back the secret up in a password manager. To add the same account to a second device for redundancy.

Does it support HOTP?

Yes. HOTP URIs include a counter parameter, which is shown after decoding. Note that HOTP counters drift if both devices use the same secret independently.

Does it work with Google Authenticator's multi-account export QR?

Yes. Paste the special `otpauth-migration://` URI (or upload its QR screenshot) — every account inside is decoded with its secret, algorithm, digits, period and a one-click copy. This is the common path for moving off Google Authenticator into Aegis or Bitwarden.

Can I run this offline?

Yes — after the first load, the page is cached by the service worker. Disconnect from the network and the decoder keeps working. Useful for an extra air-gap when decoding secrets for high-value accounts.

What apps can scan the re-rendered QR?

Any RFC 6238-compliant authenticator: Google Authenticator, Authy, Aegis, Microsoft Authenticator, 1Password, Bitwarden, FreeOTP, ente Auth.

💡 Want us to improve this tool just for you?

We can — and it's free! Just send us a quick message with your idea. If you'd like to discuss it in detail, leave your email and we'll get back to you. You can stay anonymous.

You May Also Like

🔄 Bitwarden Converter 🗃️ KeePass Viewer 🔗 One-Time Secret Share 🔐 PGP Key Generator 🎲 Passphrase Generator 📊 Password Audit 🚨 Password Breach Checker 🔑 Password Generator

How do you rate this tool?

Thank you for your rating!
Want to share more? Leave a comment!
Thank you! Your comment will appear after moderation.
Who is this tool for?
💻 Developers & IT Pros 🔒 Security & Privacy
Published Updated