
Topic: How to prevent lost of 2FA key (Read 364 times)

newbie
Activity: 3
Merit: 0
November 26, 2021, 10:53:56 AM
#29
Hi Lapinouadead,
I see your example with losing the phone and understand your concerns, and I would like to share with you that I have been locked out of 2FA-protected accounts before, more than once. Back in the day, one of the first companies to offer a two-factor authenticator was Blizzard. World of Warcraft players got access first, since they needed to protect their hard-earned loot. You may recall people walking around with WOW keychains that displayed changing digits on an LCD.
Thanks for your time, hope it was useful.
legendary
Activity: 1148
Merit: 3117
April 04, 2021, 11:36:42 AM
#28
Maybe I need to switch from Authy, are there any 2FA recommendations that are best for me?
Besides the reasons already stated by o_e_l_e_o, Authy, although being an app that is used by many, is closed source. Whenever available you really should go for Open Source apps, such as andOTP and Aegis ...
sr. member
Activity: 1820
Merit: 436
April 04, 2021, 10:57:02 AM
#27
I mean if you lost your phone with your 2FA like Google Authenticator, straight up it was already lost and you can't really recover that authenticator when you relog or something.

Your best option at this point was to pm the support of the individual website that your 2FA authenticator is activated, or if you have the recovery code in the individual website you can still recover it.

Some websites have a recovery code for 2FA so that you could easily recover it but I don't think all websites have it or maybe it was just difficult to get the recovery code for some since it doesn't show in the website, or else you need to pm the support.
legendary
Activity: 2268
Merit: 18711
April 04, 2021, 09:15:20 AM
#26
Maybe I need to switch from Authy, are there any 2FA recommendations that are best for me?
As has been mentioned above, Aegis is a good choice for Android. It is entirely open source, keeps all your data encrypted locally, and allows you to perform encrypted back ups and exports so you can save your database on an external device for easy recovery should your phone be lost or damaged.

For Apple, I believe the best option is Tofu authenticator instead. It is also open source, but unfortunately does not allow local back ups, instead opting to back up your database encrypted inside your iCloud Keychain if you choose.

Whichever option you choose, you should still write down the shared secret for each site on paper when you first enable/switch over your 2FA.
hero member
Activity: 1400
Merit: 770
April 04, 2021, 08:51:42 AM
#25
I'm afraid it's a minus, and a big one at that, which is why most people no longer recommend it.
Thanks in advance, this is great for me. Previously, I used Authy because of the email backup feature, it looks like it's easier but it also seems to lack. About Authy and the problem is no longer Open Source that just knew from you. Maybe I need to switch from Authy, are there any 2FA recommendations that are best for me?
sr. member
Activity: 1274
Merit: 293
April 03, 2021, 11:07:11 PM
#24
you shouldn't have your 2FA accessible from a device which you use for other things. highly suggest getting a separate phone or tablet dedicated to 2FA only.

backing up the codes is the easy part: write them down and secure them safely.
It is the best option but considering that not everyone can afford to buy another phone just for that purpose, I think that the best thing to secure your 2FA is to remember your account and to put an app locker on your email application so whenever the worst thing were to happen to your phone like being stolen, then you won't have to worry about your important emails and credentials being compromised or you can install an app in your phone that will brick it when it gets stolen.
hero member
Activity: 2520
Merit: 952
April 03, 2021, 10:46:42 PM
#23
I use aegis, personally find it much better than Google 2fa, you can back it up encrypted and store it in cloud storage, pen drive to stay safe.
jr. member
Activity: 95
Merit: 4
April 03, 2021, 07:55:44 PM
#22
you shouldn't have your 2FA accessible from a device which you use for other things. highly suggest getting a separate phone or tablet dedicated to 2FA only.

backing up the codes is the easy part: write them down and secure them safely.
legendary
Activity: 1512
Merit: 4795
April 03, 2021, 02:22:37 PM
#21
Almost 5 years I have not used GA. I use Authy for the security of my account. I don't know if GA can be duplicated to other phones, but Authy can. You only need to remember the password with your email. I don't know this is a plus or a minus. Maybe if you lose your phone it will be easier to get backups.
With the latest update on google 2fa, you can make a QR code backup of the sites you want to. All you need to do is to:
  • Open the google 2fa
  • Click on the three dots at the top right corner
  • Click on transfer accounts you want to backup
  • Click on export accounts
  • Make sure all the sites you make authentication for are marked
  • Then click on next

You will see a QR code; you can back up the QR code, which consists of all the sites you selected and can be used on any new device to retrieve your 2FA authenticator.

If you don't have the recovery code for the exchange (I assume you are trying to login to an exchange) all you can do is contact the customer service department of the site and request that they reset your code. Be prepared to go through KYC and waiting days and weeks for them to respond.
What I have noticed about exchanges is that if no KYC was done before by the user before the loss of the account, the account will be lost forever. But, if the person has verified his account before the account loss, then the customer care can request for certain credentials to help prove the user is the right owner of the account, which will be used to recover the account to the rightful owner.
legendary
Activity: 2730
Merit: 7065
April 03, 2021, 01:08:33 PM
#20
I lost my phone and I have no QR codes or anything. Is there any way to get my 2FA key?
Did you use Google Authenticator or some other app? Unless you previously exported your account including the codes for the sites you are trying to recover, there is not much you can do. If you don't have the recovery code for the exchange (I assume you are trying to login to an exchange) all you can do is contact the customer service department of the site and request that they reset your code. Be prepared to go through KYC and waiting days and weeks for them to respond.
jr. member
Activity: 134
Merit: 1
April 03, 2021, 12:33:21 PM
#19
I lost my phone and I have no QR codes or anything. Is there any way to get my 2FA key?
hero member
Activity: 1036
Merit: 674
April 03, 2021, 10:55:52 AM
#18
You can back up the google authenticator.

To do so,
    1. Tap on menu button (the 3-dots button) at top of the screen.
    2. Select "transfer accounts".
    3. Select "Export accounts".
    4. Check the accounts you wish to back up and tap on "Next".

After steps above, you will see two QR codes. Keep them in a safe place.
Since your phone won't allow you to get screenshot, you need to take a photo from the screen using another phone.
(It's more safe to use an air-gapped phone for taking the photo and print QR codes.)


Ok, thanks for the update,
I just did it & it worked perfectly the exact way you said it, 👌🏾
legendary
Activity: 2268
Merit: 18711
April 03, 2021, 08:33:54 AM
#17
I use Authy for the security of my account. I don't know if GA can be duplicated to other phones, but Authy can. You only need to remember the password with your email. I don't know this is a plus or a minus.
I'm afraid it's a minus, and a big one at that, which is why most people no longer recommend it. Authy is no longer open source, and they now back up all your shared secrets, 2FA codes, and other info to their own servers. If someone hacks your email, they can potentially restore your 2FA codes to another device. This means they can use your email to reset your exchange/account password and receive your 2FA code, which negates the entire point of 2FA since both factors can now be accessed by compromising one thing (your email account).

If you lose access to your account, then Authy demand full KYC from you, including copies of photographic ID to restore your access. They also track which codes you access, when you access them, the IP you access them from, and link all that back to your email address and other personal information they store about you.

There is no reason to use Authy when you can use an open source alternative such as Aegis, perform your own encrypted back up, and maintain your privacy.

See another post I made regarding Authy here:
I was reading from here: https://www.twilio.com/legal/privacy/authy

Quote
If we cannot easily confirm that you are the rightful account holder of the Authy account associated with your old number, we will ask you for your phone account information and a copy of physical identification such as a drivers’ license, national ID, or passport, which we then use to confirm your claim to the account. From time to time, if there are other situations where we need to verify that you are the rightful account holder of your Authy account, our support team may require you to provide identity information like a drivers’ license, national ID or passport.
Emphasis mine. More worrying than just for account recovery, they may also lock you out of your 2FA account (and therefore all of your online accounts which use 2FA) and demand KYC "from time to time". How reassuring.

Quote
When you use an Authy token to log into an account, whether the token was generated on the app or one sent to you via your phone number, we collect and keep information associated with your login activity including information like your IP address, what application or program you logged in to, that you logged in, and when.
They track your activity across all your accounts, linking that to your email address, phone number, and IP addresses...

Quote
Over the last year, we have shared Identifiers and Internet or other electronic network activity information with third parties, as we describe in this section.
...and they share it with third parties.

I don't understand the benefit of this service. It is the equivalent of a web wallet for 2FA: You are letting someone else handle all your codes, have the power to lock you out of your accounts, and invade your privacy, all for something you can do yourself easily, freely, securely, and privately.
hero member
Activity: 1400
Merit: 770
April 03, 2021, 07:40:32 AM
#16
I would recommend replacing Google Authenticator with other open source 2FA apps like

Almost 5 years I have not used GA. I use Authy for the security of my account. I don't know if GA can be duplicated to other phones, but Authy can. You only need to remember the password with your email. I don't know this is a plus or a minus. Maybe if you lose your phone it will be easier to get backups.
legendary
Activity: 2212
Merit: 7064
April 03, 2021, 05:11:46 AM
#15
What are the things I can do to prevent the loss of my access? Can I save a key/QR code and use it to get back my account?

I would recommend replacing Google Authenticator with other open source 2FA apps like Aegis, andOTP that is available even for older Android smartphones with F-Droid, or WinAuth for Windows OS.

You can then scan secret key QR codes with those apps (it would be a good idea to write them on paper also) and import them one by one, and make encrypted backup from settings after that.
newbie
Activity: 28
Merit: 7
April 03, 2021, 05:09:23 AM
#14
Hi,

I'm using Google Authenticator to secure my different crypto accounts. It's on my phone.

I'm thinking about the time I will lose my phone.

What are the things I can do to prevent the loss of my access? Can I save a key/QR code and use it to get back my account?

Thanks,
Take a pic of each QR or export from app
member
Activity: 196
Merit: 11
April 03, 2021, 03:57:14 AM
#13
Years back Google Auth had no 2FA backups to a Gmail account, but today they have made this available. You can also choose to write down the 2FA numbers in a safe location, but Gmail sync is safer and highly recommended.
hero member
Activity: 2072
Merit: 656
April 01, 2021, 05:25:37 PM
#12
First, there is a private code when you are first activating the Google Authenticator. It must be saved because it can be used for backup when you lose your GA.
However if you didn't save it, you can try following the steps in this link, it will really help to backup:

https://blockspot.io/backup-google-authenticator/

There you can find much information about backing up the GA and how if we lost our GA.

There is also a case when we lose our GA and we didn't save the backup code. I think we can contact the support of the exchanges or platforms. However, not every exchange or platform will help you resolve this matter to reset GA, and if there is, the mechanism is commonly complicated and you need certain proofs or documents to prove that the account is exactly yours.

That is why backing up the codes and also other private data for accessing GA is very important.
copper member
Activity: 2996
Merit: 2374
April 01, 2021, 04:51:13 PM
#11
Okay, I think I've lost my setup key but I still have my phone and access to my codes.

Is it possible to get back this key, or must I export to a new account?


You can disable, and subsequently re-enable 2FA in order to get a new setup key.

First, you use a 2FA code generated by the authenticator app to disable 2FA. Next you enable 2FA on your account, the service will provide a new QR code and new alpha-numeric code that you need to load onto the authenticator app. This will be different than your previous code, and your previous 2FA codes will not work, so be sure to add this to your authenticator app. Before navigating away from the page with the QR code and alpha-numeric code, make multiple backups of this code in case you lose access to your phone.
legendary
Activity: 1932
Merit: 4602
April 01, 2021, 02:59:54 PM
#10

After registering with the service, save this image on your computer and encrypt it with VeraCrypt.
https://veracrypt.fr/en/Home.html
Do not use email access and 2FA key on the same phone. If your phone is stolen, you will lose your cryptocurrency.
If you have small amounts, and you will not be upset at the loss, then this rule can be ignored.
Typically, users use multiple phones.
legendary
Activity: 1148
Merit: 3117
April 01, 2021, 02:35:55 PM
#9
Further, you should switch away from Google Authenticator and instead use an open source authenticator app which allows you to export an encrypted database of all your 2FA codes so you never run the risk of losing access to your accounts. Aegis is a good choice, as mentioned above.
I totally agree with this. For many years I've used Google Authenticator, but I'm trying to move away from them as they are too much invasive (I can't seem to leave Gmail and other tools, so I'm trying to leave the ones I can).

I would recommend either Aegis or andOTP. They are basically the same, open source and all, but I do agree that Aegis ends up having a better looking UI. andOTP is more "basic" but features a lot more customization, so I guess it's more geared towards the advanced users.

The benefit of both of these apps is that you can keep encrypted backups of your keys. So even if you lose your phone, provided you have those backups, you can simply import them into a new installation of andOTP or Aegis and the programs will automatically implement your keys without the need to have them in a random piece of file/paper.
legendary
Activity: 2268
Merit: 18711
April 01, 2021, 02:06:55 PM
#8
Most sites, when you first set up 2FA, show you both a QR code to scan and a long string of alphanumeric characters. These both represent the same thing - the shared secret which you use to generate your 2FA codes and the site in question uses to verify the codes you enter are correct. You should always write down your shared secret on paper and back it up securely, just like you would do with a seed phrase.

Further, you should switch away from Google Authenticator and instead use an open source authenticator app which allows you to export an encrypted database of all your 2FA codes so you never run the risk of losing access to your accounts. Aegis is a good choice, as mentioned above.
sr. member
Activity: 966
Merit: 421
April 01, 2021, 12:50:01 PM
#7
I think writing down your private key and keeping it safe should be one of the measures you should take so as to secure your funds in case you misplace your phone. Although most wallets have KYC verification which could be used to recover your wallet. But in cases of its unavailability your private key would be your saving factor.
mk4
legendary
Activity: 2870
Merit: 3873
April 01, 2021, 11:45:13 AM
#6
Not sure how good/bad Google Authenticator is now, but if you're interested in trying something different, you might want to try Aegis Authenticator instead.

Topic: Aegis Authenticator, a decent alternative to Google Authenticator and Authy https://bitcointalksearch.org/topic/aegis-authenticator-a-decent-alternative-to-google-authenticator-and-authy-5192978
legendary
Activity: 2436
Merit: 1189
April 01, 2021, 11:09:53 AM
#5
What hosseinimr93 has said is right and you should follow it. To be honest only writing on a paper manually or printing the QR code to a physical paper and keep it in safe place on your home or somewhere you feel secure. If you keep it online then it help to user everywhere, but it could be lost any time if you were a victim of hack. Also if you keep the code or photo in your phone memory then key could be lost if you lost your phone.
legendary
Activity: 2380
Merit: 5213
April 01, 2021, 10:36:10 AM
#4
You can back up the google authenticator.

To do so,
    1. Tap on menu button (the 3-dots button) at top of the screen.
    2. Select "transfer accounts".
    3. Select "Export accounts".
    4. Check the accounts you wish to back up and tap on "Next".

After steps above, you will see two QR codes. Keep them in a safe place.
Since your phone won't allow you to get screenshot, you need to take a photo from the screen using another phone.
(It's more safe to use an air-gapped phone for taking the photo and print QR codes.)
jr. member
Activity: 30
Merit: 7
April 01, 2021, 10:23:25 AM
#3
Okay, I think I've lost my setup key but I still have my phone and access to my codes.

Is it possible to get back this key, or must I export to a new account?

copper member
Activity: 2856
Merit: 3071
April 01, 2021, 10:11:01 AM
#2
You should write down the key if the website advises it.

Some might have alternative recovery methods (for example if you've used kyc with them) but if you haven't you should write down the original secret key they give you (all apps should allow you to export it if they're up to date).

jr. member
Activity: 30
Merit: 7
April 01, 2021, 10:06:55 AM
#1
Hi,

I'm using Google Authenticator to secure my different crypto accounts. It's on my phone.

I'm thinking about the time I will lose my phone.

What are the things I can do to prevent the loss of my access? Can I save a key/QR code and use it to get back my account?

Thanks,