Android - Can I wipe my phone even if I use it for 2-step verification?

There are several ways to address your concerns.

First - you should print the emergency codes. Google has good directions on how to do so here. (reproduced here)

  1. Sign in to your accounts at https://www.google.com/accounts/SmsAuthConfig.
  2. Look for the “Printable backup codes” area.
  3. Click Show/Generate codes.
  4. If you are fine using the current set of backup codes, you can print or download them. If you believe this set of codes might have been stolen or you’ve used many of the backup codes, you can generate a new set by clicking Generate new codes.

Backup Codes

Second - Even without backup codes, you should have supplied your phone number to Google at some point; this allows for you to have a temporary code sent to you in a text message. As shown in the following image:

Send code via text message

Thirdly - You can disable 2-step verification while wiping your phone, and re-enable it again after completion. (This requires you to set everything back up). Google Instruction Page to Disable 2-Step Verification (steps reproduced here)

  1. Visit the Using 2-step verification page under your Google Account settings. Sign in with your username, password, and verification code if prompted.
  2. Click Turn off 2-step verification.
  3. A pop-up window will appear to confirm that you want to turn off 2-step verification. Click OK.

That's what a factory reset is for - it does wipe all accounts associated with the handset.

You will need to go into your Google Account on your trusted PC to generate a password to use and key that into the Google Account after factory reset.

When you use Gmail on your trusted PC:

  • Go into Settings on the right-hand side of the Gmail web page - it's a drop-down menu that opens when the cog-wheel gets clicked
  • Click on Accounts and Imports
  • Click on Other Google Account settings, this will launch a tab page on your browser for the Accounts.
  • Click on Security on the left hand side of the same page.
  • There's 2-step verification; click on the Edit button, and you will be prompted to use your actual Google Sign-on password (the real one). Depending on how your trusted PC is set up, you may be asked to enter the code delivered to you by SMS; key that verification code into your Google Sign-on page.

Finally

  • There's a link called Manage application-specific passwords after successful sign-on.
  • Then, there's a "Step 1 of 2: Generate new application-specific password" at the bottom of the page. Give this a name - for example "BobSmith's Android HTC One X_10thSept2012" - and click on Generate password. The password will get generated; now use that to sign on to Google from your handset - it's a once-off operation. In any case, if the worst happens, you can revoke it and deny access to your account :)

On any Android device, rooted or not:

  • When you set up 2-factor authentication, there's an option to do so manually (without using a 2D barcode). You can then also write it down. If you have set it up already, you can re-do this and create it again.
  • (as already noted) Have those 10 emergency one-time codes at hand

If you have root rights, you can access the stored credentials of the Google authenticator app in some ways:

  • Read out the credentials and write them down:
    You can later manually add them to the app by providing GMail address and secret from below (yours differs of course).

    u0_a37@android:/ $ su
    u0_a37@android:/ $ cd /data/data/*.authenticator2/databases/
    u0_a37@android:/ $ sqlite3 databases .dump | grep 'INSERT INTO accounts'
    INSERT INTO accounts VALUES(1,'[email protected]','secret',0,0,0);
    
  • Just back it up using Titanium Backup
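
Before wiping, it is worth confirming that a secret copied down by hand still produces the same codes as the app. The following is an added example, not part of any answer above: it parses a line in the shape of the dump output shown, decodes the base32 secret, and computes the current code per RFC 6238. The sample address, the sample secret (the RFC 6238 test key) and all function names are constructed for illustration, and the column order is taken from the sample line on this page.

```python
import base64, hashlib, hmac, re, struct, time
from urllib.parse import quote

# Constructed sample in the shape of the dump line above. The secret is the
# RFC 6238 test key, written lower-case with spaces as a hand copy might be.
SAMPLE_DUMP = ("INSERT INTO accounts VALUES(1,'alice@example.com',"
               "'gezd gnbv gy3t qojq gezd gnbv gy3t qojq',0,0,0);")

# Assumption: second and third columns are the address and the secret.
ROW = re.compile(r"INSERT INTO accounts VALUES\(\d+,'([^']*)','([^']*)',")

def parse_accounts(dump):
    """Return (email, secret) pairs from 'INSERT INTO accounts' lines."""
    return ROW.findall(dump)

def normalize(secret):
    """Strip spaces/dashes and upper-case a hand-copied base32 secret."""
    return re.sub(r"[\s-]", "", secret).upper()

def decode_secret(secret):
    """Decode the secret to key bytes; a mistyped character raises ValueError."""
    s = normalize(secret)
    return base64.b32decode(s + "=" * (-len(s) % 8))

def totp(key, now=None, step=30, digits=6):
    """RFC 6238 code with HMAC-SHA1, a 30-second step and 6 digits."""
    counter = int(time.time() if now is None else now) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def otpauth_uri(email, secret):
    """Key URI that authenticator apps accept when re-adding the account."""
    return f"otpauth://totp/{quote(email)}?secret={normalize(secret)}"

if __name__ == "__main__":
    for email, secret in parse_accounts(SAMPLE_DUMP):
        # Compare this code with what the app shows before you wipe.
        print(email, totp(decode_secret(secret)))
        print(otpauth_uri(email, secret))
```

If the printed code matches the one the app displays at the same moment, the written-down secret is a usable backup; a `ValueError` means a character was copied wrongly.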