
Topic: How to prevent lost of 2FA key (Read 373 times)

newbie
Activity: 3
Merit: 0
November 26, 2021, 10:53:56 AM
#29
hi Lapinouadead,
I see your example with losing the phone and understand your concerns, and I would like to share with you that I have been locked out of 2FA protected accounts before, more than once. Back in the day, one of the first companies to offer two-factor authenticator was Blizzard. World of Warcraft players got access first, since they needed to protect their hard-earned loot. You may recall people walking around with WoW keychains that displayed changing digits on an LCD.
Thanks for your time, hope it was useful.
legendary
Activity: 1148
Merit: 3117
April 04, 2021, 11:36:42 AM
#28
Quote
Maybe I need to switch from Authy, are there any 2FA recommendations that are best for me?
Besides the reasons already stated by o_e_l_e_o, Authy, although being an app that is used by many, it's closed source. Whenever available you really should go for Open Source apps, such as andOTP and Aegis ...
sr. member
Activity: 1820
Merit: 436
April 04, 2021, 10:57:02 AM
#27
I mean if you lost your phone with your 2FA like Google Authenticator, straight up it was already lost and you can't really recover that authenticator when you relog or something.

Your best option at this point was to pm the support of the individual website that your 2FA authenticator is activated, or if you have the recovery code in the individual website you can still recover it.

Some websites have a recovery code for 2FA so that you could easily recover it but I don't think all websites have it or maybe it was just difficult to get the recovery code for some since it doesn't show in the website, or else you need to pm the support.
legendary
Activity: 2268
Merit: 18771
April 04, 2021, 09:15:20 AM
#26
Quote
Maybe I need to switch from Authy, are there any 2FA recommendations that are best for me?
As has been mentioned above, Aegis is a good choice for Android. It is entirely open source, keeps all your data encrypted locally, and allows you to perform encrypted back ups and exports so you can save your database on an external device for easy recovery should your phone be lost or damaged.

For Apple, I believe the best option is Tofu authenticator instead. It is also open source, but unfortunately does not allow local back ups, instead opting to back up your database encrypted inside your iCloud Keychain if you choose.

Whichever option you choose, you should still write down the shared secret for each site on paper when you first enable/switch over your 2FA.
hero member
Activity: 1400
Merit: 770
April 04, 2021, 08:51:42 AM
#25
Quote
I'm afraid it's a minus, and a big one at that, which is why most people no longer recommend it.
Thanks in advance, this is great for me. Previously, I used Authy because of the email backup feature, it looks like it's easier but it also seems to lack. About Authy and the problem is no longer Open Source that just knew from you. Maybe I need to switch from Authy, are there any 2FA recommendations that are best for me?
sr. member
Activity: 1274
Merit: 293
April 03, 2021, 11:07:11 PM
#24
Quote
you shouldn't have your 2FA accessible from a device which you use for other things. highly suggest getting a separate phone or tablet dedicated to 2FA only.

backing up the codes is the easy part: write them down and secure them safely.
It is the best option but considering that not everyone can afford to buy another phone just for that purpose, I think that the best thing to secure your 2FA is to remember your account and to put an app locker on your email application so whenever the worst thing were to happen to your phone like being stolen, then you won't have to worry about your important emails and credentials being compromised or you can install an app in your phone that will brick it when it gets stolen.
hero member
Activity: 2520
Merit: 952
April 03, 2021, 10:46:42 PM
#23
I use aegis, personally find it much better than Google 2fa, you can back it up encrypted and store it in cloud storage, pen drive to stay safe.
jr. member
Activity: 95
Merit: 4
April 03, 2021, 07:55:44 PM
#22
you shouldn't have your 2FA accessible from a device which you use for other things. highly suggest getting a separate phone or tablet dedicated to 2FA only.

backing up the codes is the easy part: write them down and secure them safely.
legendary
Activity: 1512
Merit: 4795
April 03, 2021, 02:22:37 PM
#21
Quote
Almost 5 years I have not used GA. I use Authy for the security of my account. I don't know if GA can be duplicated to other phones, but Authy can. You only need to remember the password with your email. I don't know this is a plus or a minus. Maybe if you lose your phone it will be easier to get backups.
With the latest update on google 2fa, you can make a QR code backup of the sites you want to. All you need to do is to:
  • Open the google 2fa
  • Click on the three dots at the top right corner
  • Click on transfer accounts you want to backup
  • Click on export accounts
  • Making sure all the site you make authentication for are marked
  • Then click on next

You will see a QR code. You can back up the QR code, which consists of all the sites you selected and can be used on any new device to retrieve your 2FA authenticator.

Quote
If you don't have the recovery code for the exchange (I assume you are trying to login to an exchange) all you can do is contact the customer service department of the site and request that they reset your code. Be prepared to go through KYC and waiting days and weeks for them to respond.
What I have noticed about exchanges is that if no kyc was done before by the user before the lost of the account, the account will be lost forever. But, if the person has verified his account before the account loss, then the customer care can request for certain credentials to help prove the user is the right owner of the account, which will be used to recover the account to the rightful owner.
legendary
Activity: 2730
Merit: 7065
April 03, 2021, 01:08:33 PM
#20
Quote
I lost my phone and I have no QR codes or anything. Is there any way to get my 2FA key?
Did you use Google Authenticator or some other app? Unless you previously exported your account including the codes for the sites you are trying to recover, there is not much you can do. If you don't have the recovery code for the exchange (I assume you are trying to login to an exchange) all you can do is contact the customer service department of the site and request that they reset your code. Be prepared to go through KYC and waiting days and weeks for them to respond.
jr. member
Activity: 134
Merit: 1
April 03, 2021, 12:33:21 PM
#19
I lost my phone and I have no QR codes or anything. Is there any way to get my 2FA key?
hero member
Activity: 1036
Merit: 675
April 03, 2021, 10:55:52 AM
#18
Quote
You can back up the google authenticator.

To do so,
    1. Tap on menu button (the 3-dots button) at top of the screen.
    2. Select "transfer accounts".
    3. Select "Export accounts".
    4. Check the accounts you wish to back up and tap on "Next".

After steps above, you will see two QR codes. Keep them in a safe place.
Since your phone won't allow you to get screenshot, you need to take a photo from the screen using another phone.
(It's more safe to use an air-gapped phone for taking the photo and print QR codes.)


Ok, thanks for the update,
I just did it & it worked perfectly the exact way you said it, 👌🏾
legendary
Activity: 2268
Merit: 18771
April 03, 2021, 08:33:54 AM
#17
Quote
I use Authy for the security of my account. I don't know if GA can be duplicated to other phones, but Authy can. You only need to remember the password with your email. I don't know this is a plus or a minus.
I'm afraid it's a minus, and a big one at that, which is why most people no longer recommend it. Authy is no longer open source, and they now back up all your shared secrets, 2FA codes, and other info to their own servers. If someone hacks your email, they can potentially restore your 2FA codes to another device. This means they can use your email to reset your exchange/account password and receive your 2FA code, which negates the entire point of 2FA since both factors can now be accessed by compromising one thing (your email account).

If you lose access to your account, then Authy demand full KYC from you, including copies of photographic ID to restore your access. They also track which codes you access, when you access them, the IP you access them from, and link all that back to your email address and other personal information they store about you.

There is no reason to use Authy when you can use an open source alternative such as Aegis, perform your own encrypted back up, and maintain your privacy.

See another post I made regarding Authy here:
Quote
I was reading from here: https://www.twilio.com/legal/privacy/authy

Quote
If we cannot easily confirm that you are the rightful account holder of the Authy account associated with your old number, we will ask you for your phone account information and a copy of physical identification such as a drivers’ license, national ID, or passport, which we then use to confirm your claim to the account. From time to time, if there are other situations where we need to verify that you are the rightful account holder of your Authy account, our support team may require you to provide identity information like a drivers’ license, national ID or passport.
Emphasis mine. More worrying than just for account recovery, they may also lock you out of your 2FA account (and therefore all of your online accounts which use 2FA) and demand KYC "from time to time". How reassuring.

Quote
When you use an Authy token to log into an account, whether the token was generated on the app or one sent to you via your phone number, we collect and keep information associated with your login activity including information like your IP address, what application or program you logged in to, that you logged in, and when.
They track your activity across all your accounts, linking that to your email address, phone number, and IP addresses...

Quote
Over the last year, we have shared Identifiers and Internet or other electronic network activity information with third parties, as we describe in this section.
...and they share it with third parties.

I don't understand the benefit of this service. It is the equivalent of a web wallet for 2FA: You are letting someone else handle all your codes, have the power to lock you out of your accounts, and invade your privacy, all for something you can do yourself easily, freely, securely, and privately.
hero member
Activity: 1400
Merit: 770
April 03, 2021, 07:40:32 AM
#16
Quote
I would recommend replacing Google Authenticator with other open source 2FA apps like

Almost 5 years I have not used GA. I use Authy for the security of my account. I don't know if GA can be duplicated to other phones, but Authy can. You only need to remember the password with your email. I don't know this is a plus or a minus. Maybe if you lose your phone it will be easier to get backups.
legendary
Activity: 2212
Merit: 7064
April 03, 2021, 05:11:46 AM
#15
Quote
What is the things I can do to prevent the lost of my access ? Can I save a key/Qrcode and use it to get back my account ?

I would recommend replacing Google Authenticator with other open source 2FA apps like Aegis, andOTP that is available even for older Android smartphones with F-Droid, or WinAuth for Windows OS.

You can then scan secret key QR codes with those apps (it would be a good idea to write them on paper also) and import them one by one, and make encrypted backup from settings after that.
newbie
Activity: 28
Merit: 7
April 03, 2021, 05:09:23 AM
#14
Quote
Hi,

I'm using Google Authenticator to secure my different crypto accounts. It's on my phone.

I'm thinking about the time I will lose my phone.

What is the things I can do to prevent the lost of my access ? Can I save a key/Qrcode and use it to get back my account ?

Thanks,
Take a pic of each QR or export from app
member
Activity: 196
Merit: 11
April 03, 2021, 03:57:14 AM
#13
Years back Google Auth had no 2FA backups to Gmail account, but today they have made this available. You can also choose to write down the 2FA numbers in a safe location, but Gmail sync is safer and highly recommended.
hero member
Activity: 2156
Merit: 670
April 01, 2021, 05:25:37 PM
#12
First, there is a private code when you are first activating the Google Authenticator. It must be saved because it can be used for backup when you lose your GA.
However if you didn't save it, you can try following the steps in this link, it will really help to backup:

https://blockspot.io/backup-google-authenticator/

There you can find much information about backing up the GA and how if we lost our GA.

There is also a case when we lose our GA and we didn't save the backup code. I think we can contact the supports of the exchanges or platforms. However, not every exchange or platform will help you resolving this matter to reset GA and if there is, the mechanism is commonly complicated and you need certain proofs or documents to prove that the account is exactly yours.

That is why backing up the codes and also other private data for accessing GA is very important.
copper member
Activity: 2996
Merit: 2374
April 01, 2021, 04:51:13 PM
#11
Quote
Okay, I think I've lost my setup key but I still have my phone and access to my codes.

Is it possible to get back this key, or I must export to a new account?


You can disable, and subsequently re-enable 2FA in order to get a new setup key.

First, you use a 2FA code generated by the authenticator app to disable 2FA. Next you enable 2FA on your account, the service will provide a new QR code and new alpha-numeric code that you need to load onto the authenticator app. This will be different than your previous code, and your previous 2FA codes will not work, so be sure to add this to your authenticator app. Before navigating away from the page with the QR code and alpha-numeric code, make multiple backups of this code in case you lose access to your phone.
legendary
Activity: 1974
Merit: 4715
April 01, 2021, 02:59:54 PM
#10

After registering with the service, save this image on your computer and encrypt it with VeraCrypt.
https://veracrypt.fr/en/Home.html
Do not use email access and 2FA key on the same phone. If your phone is stolen, you will lose your cryptocurrency.
If you have small amounts, and you will not be upset at the loss, then this rule can be ignored.
Typically, users use multiple phones.