How to transfer Google’s 2-factor authentication to a new iPhone in 14 easy steps

I just got a new iPhone 7. It’s much faster, has eight times the space, and takes marginally better low-light photos compared to my 4-year old iPhone 5. Living a mile above sea level also leaves me wondering if I’ll ever need the water-resistant functionality.

Nevertheless, migrating all the settings and logins over is never fun, especially onerous but important security features like 2-factor authentication for important services like Google. Given the crucial importance of 2-factor for securing devices and accounts, Google’s current implementation of migrating two-factor to a new phone is simply unacceptable. I spent nearly an hour trying to match out-of-date documentation with important settings hidden in the user interface. With 79 million new iPhones forecast to be sold between September and December and I’d guesstimate that >50% of them have Google accounts as well, I am confident that most other people have neither the time nor the patience to figure this all out themselves. Why transitioning isn’t vastly simpler is a question best left to security usability experts, but Google’s current terrible implementation all but guarantees that there will be thousands or millions of people who will opt out of using 2-factor because this transition is simply too difficult and poorly documented.

How to migrate your Google Authenticator to a new iPhone 14 easy steps.

  1. You’ll need your Authenticator app on your old phone or backup codes to get into your account as well as a “real” computer (desktop or laptop) to do this. If you thought you could get away with managing this on just two mobile devices, that’s adorable.
  2. In any Google service, click on your name in the top right. In the drop-down, select “My Account”.
  3. At this point you’re scratching your head wondering where the “Security” button or “Settings” selections are as the documentation glibly intones. Don’t worry, they’re not anywhere to be found and your hold on reality hasn’t slipped yet! Select “Signing in to Google”.
  4. Select “2-step verification”. You’ll probably be asked to log in and enter a 2-factor code again from your old device or backup codes. Try not to tear up thinking about how this may be one of the last times you ever gaze upon this screen.
  5. Once you’re in, select the teeny tiny pencil on the right-hand side of the “Authenticator app (Default)” box to edit these settings. For the love of god, don’t click anywhere but the progress buttons in the subsequent screens or you’ll get to start over at square one right here.
  6. While the naive reader might expect where the documentation says “Move to a different phone”, there would be a button labelled “Move to a different phone.” This is not a valid assumption. You have to select “Change” instead. What does it change? We don’t know until we click on it!
  7. If you’re using an iPhone like me, select “iPhone”. I’m guessing if you use an Android you should select “Android”. I can’t rule out it also opening a portal into a hellscaped alternative timeline, so proceed with caution.
  8. Now a QR code will show up on the screen. You’ve probably seen these on low-rent billboards or dubious business cards before, but now you’re actually going to interact with one. Don’t you dare click on anything yet.
  9. On your new phone, launch the Authenticator app and select “Begin Setup” in tiny font at the bottom of the screen beneath the gigantic banner than conveys absolutely no information about this 14-step process you’re just over halfway through now.
  10. Select “Scan barcode” also in tiny font at the bottom. At this point you may also be barraged with requests for the app to use your camera, all of which you should accept just like you do for every other application. Unfortunately Authenticator will not notify you when you’ve matched with another hot single in the area.
  11. Now point your phone’s camera at your computer screen so it can capture the barcode. Yes, it’s simultaneously thrilling, infuriating, and will make you look like an idiot to any passers-by.
  12. A six-digit number should pop up on your phone if you’re successful. If you’re not, you always have the option of going back to Step 8 and figuring out how the “Can’t Scan” choose your own adventure option ends (hint: with you getting to manually enter a 16-digit alphanumeric key!).
  13. Going back to your desktop computer, enter the six-digit code on your phone into the field. Pretend you’re a spy since the number is only good for something like 30 seconds and flashes and turns red when you’re running out of time. It’s the small touches like this that makes this simple process so much less stressful.
  14. Assuming you didn’t make any errors in a process that involved you switching contexts between three different screens and entering time-sensitive random numbers into easily-closed dialogue boxes that reset the whole process, you should now be able to use Google Authenticator on your new phone!


Looking for Ph.D. Students

In case you missed the news via other channels, I am now an assistant professor at the University of Colorado’s Department of Information Science. This makes me a brand new professor in a brand new department in a brand new college. I’ll save my customary advice post for a later time, but suffice it to say that there’s a fractal nature to the perception of social order: if becoming a graduate student made you realize your undergraduate TAs were more-or-less faking it, then the same holds for the transition from graduate student to faculty member. If you want to see the results of my faking it in class, check out the repo that will contain all syllabus, slides, and lab notebooks for my Peer Production and Crowdsourcing seminar class.

One of the roles that I am most excited to fill as a professor is that of an advisor. I come out of a “lab” culture characterized by team collaboration and shared credit, informal peer mentorship, rapid iteration, promiscuous use of theories and methods, cumulative scholarly contributions, and common working space. This is different from other academic models that prioritize single authorship, one-to-one advising, detailed planning, methodological or theoretical purity, concentrated scholarly contributions, and more autonomous work. There are risks and benefits in either culture, but my experience with the former gives me the confidence to adopt the model and select applicants who want to collaborate in that context.

If you are not currently enrolled in a graduate program, applying for the NSF Graduate Research Fellowship program before the October 25 deadline this fall is an extremely compelling signal that you’re taking your application seriously enough to be planning ahead, applying for external funding, framing a research program, etc. If you are interested in applying to work with me and eligible for the GRFP, please get in contact at (change “4”s to “a”s) before October 11 so that I can give you feedback.

I have a few different projects in various stages of disarray I’m looking to admit Ph.D. students as funded research assistants and junior collaborators. There are several different Ph.D. programs at CU Boulder for which students can apply: the majority of our current students from Information Science, Computer Science, or the ATLAS program. The application deadlines for these are as early as December 7, 2016 to be admitted and start in the Fall 2017.

Applicants should have working knowledge and project experience working with programming/scripting for data analysis in R or Python. If you have worked through some O’Reilly data analysis books or taken some data science classes on Coursera and can point me to a blog post or GitHub repo where you’ve shared preliminary findings from your data analysis project (e.g., networks of songs in movie trailers), that’s exactly what I’m looking for! I primarily use methods from network science, machine learning, natural language processing, time series, and sequence analysis to understand the structure and dynamics of online collaboration. I am very open to junior collaborators mixing these methods with ethnography, interviews, critical design, surveys, and experiments.

  • Sequence analysis. A major new direction for my work is to understand how behavioral sequences can be a unit of analysis for understanding online collaboration. Applicants familiar with Markov chains, Viterbi reconstruction, finite state machines, sequence similarity and classification, or frequent pattern mining from streaming data, bioinformatics, or other domains would be amazing.
  • Social bots. How can social bots be used in conjunction with field experiment methods to rapidly and ethically conduct online experiments? I’m particularly interested in the role that social bots could be used for challenging online misinformation.
  • Forecasting and prediction. What features can be mined from online behavioral traces to forecast and predict economic, political, and cultural events? Identifying influential users, evidence of insider knowledge, and aggregating data across platforms are all exciting and productive areas for research.
  • Second screening. How does social behavior change when we are all watching the same event? My previous work has looked at changes in Twitter behavior during the 2012 U.S. Presidential election and 2014 World Cup.
  • Teamwork in online games. My early research examined cheaters in MMOGs and I have also become interested in analyzing online battle arenas like League of Legends to understand team assembly dynamics and non-verbal communication.
  • High-tempo online collaboration. How do people rapidly self-organize to collaborate and share knowledge? I’ve primarily examined this in the context of English Wikipedia, but there are many opportunities to extend this work into other linguistic and cultural contexts, across other platforms, and examine the consequences of participating in these collaborations for on-going community engagement.
  • Data-driven journalism. What lessons do Wikipedians writing about current events have for creating new models for journalism and public accountability? I am interested in developing tools and evaluating models for recruiting social media users to collaboratively surface and write-up information from large and complex data sets.

If you are interested or know of potential applicants that are interested in any of these topics as part of a future Ph.D. program, please encourage them to get in contact with me at (change “4”s to “a”s).

Journalism as a Professional Model for Data Science

With the 2014 Facebook Experiment behind us and the 2016 U.S. general election ahead of us, discussions about ethics and data science will remain very much in the public eye. Every new revelation and allegation will predictably bring a cycle of unconstructive outrage and over-baked hot takes — which is all fine and good for collecting pageviews if you need to pay the bills. But these cycles prevent us from being able to step back and articulate what data science should be and should do. If data science is to become a profession with values, ethics, and boundaries rather than an occupation, I think data scientists should look to journalism for lessons to adopt into its emerging professional identity. Continue reading Journalism as a Professional Model for Data Science