Pages:
Author

Topic: Lost my 2FA Google Authenticator Code - CEX.io (Read 381 times)

hero member
Activity: 2268
Merit: 579
Vave.com - Crypto Casino
UPDATE:

I tried to log in today and they disabled the 2FA and I was successfully logged in.

Thank you guys for participating in this topic, your replies were nothing but helpful.

I really appreciate everyone, let's hope this topic/thread serves as a solution for anyone.

Cheers  Cool
Good thing to hear up some updates from you op, this is why its really always better to set out aside from google auth 2fa on having also some message otp verification in case on having these kind of possible
problems in the future.

Since this issue had been already resolve then better lock off this thread to prevent further replies.
Having some message OTP verification is not by any chance the solution in this kind of situation, the OP will still need the 2FA code before he can access his account and his ID document will still be needed if he wants to rectify the 2FA.
With that been said, is better for the OP to write down the backup code on paper and keep it safe or make use of Aegis which some outstanding features instead auth or google authen.
@up136191857, an exchange like Binance give fast response and solution to issue like this.
sr. member
Activity: 2604
Merit: 338
Vave.com - Crypto Casino
UPDATE:

I tried to log in today and they disabled the 2FA and I was successfully logged in.

Thank you guys for participating in this topic, your replies were nothing but helpful.

I really appreciate everyone, let's hope this topic/thread serves as a solution for anyone.

Cheers  Cool
Good thing to hear up some updates from you op, this is why its really always better to set out aside from google auth 2fa on having also some message otp verification in case on having these kind of possible
problems in the future.

Since this issue had been already resolve then better lock off this thread to prevent further replies.
newbie
Activity: 23
Merit: 3
UPDATE:

I tried to log in today and they disabled the 2FA and I was successfully logged in.

Thank you guys for participating in this topic, your replies were nothing but helpful.

I really appreciate everyone, let's hope this topic/thread serves as a solution for anyone.

Cheers  Cool
newbie
Activity: 23
Merit: 3
I did sent the user ID but still nothing.

In their support system they pretend that answer could take up to 10 days but in my case it’s been more than 3 weeks.

Still nothing
legendary
Activity: 2366
Merit: 2054
2 weeks gone by. Still nothing.
Have you PMed @CEX, someone ever 20 days no response yet, but almost of them got reseted  [1], [2], [3], [4], just make sure you explain the detail and send user ID, ticket number to him.
newbie
Activity: 23
Merit: 3
2 weeks gone by. Still nothing.
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
OP, I try to push them through Twitter. I hope we will get some reaction when this is more public.
I am still surprised by their slow response in this case.

CEX is not only the exchange with bad support and most of them are saving on stuff, but we should take more care about 2FA backups.
There is also free open source software for windows called WinAuth we can use for this in combination with mobile apps like Aegis.

I chose SMS as extra authentication protection here, just because of a possible complicated situation like this. In the meantime, I broke my phone a few time, so there would be a lot of problems even if I think I’m not using CEX only with 2FA.
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
CEX is not only the exchange with bad support and most of them are saving on stuff, but we should take more care about 2FA backups.
There is also free open source software for windows called WinAuth we can use for this in combination with mobile apps like Aegis.
newbie
Activity: 23
Merit: 3
Hello guys,

I just wanted to update the thread about my issue. Still haven't heard back from CEX it has been more than 9 days since I contacted the support and no answer till now.

Definitely they do have poor support system. It makes no sense at all.

Waiting...
They will definitely ask a full copy of personal documents before processing your request. Cex.io has been a well-known crypto exchange for Ukraine-based crypto companies but they have slow support after the increasing popularity of crypto investment. No worries, the support team will reset the 2FA even if you have no access to the lost phone number/email/authentication app.

The best solution is to maintain a notebook to write you all the accounts credentials including Google Authentication codes and keep it always under you.
An even better option is to use a 2FA app such as Aegis, which allows you to export an encrypted database of all your shared secrets, which you could store on an offline medium such as a USB drive. Then, if you lose your phone and you need to recover your 2FA codes, it's as easy as downloading the app on your new phone and importing the back up.

I absolutely wouldn't recommend Authy. It is closed source. Your 2FA codes are stored in their servers. They collect a lot of information about you, including device information, email address, phone number, IP address, location, log in history, and more. If you lose access to your account, they require full KYC with copies of your ID to recover your account. This is an unnecessary security and privacy risk, for something you can do safely yourself as described above.
Damn I really used to think Authy is a goat of a 2FA app, especially after finding out how bad GA was after I lost one of the 2FA keys. Welp, I am wrong as it seems.

Btw, this aegis, I have never heard about it up until now. I looked it up right now and the reviews seem great thus far. I will check it out, thanks!

Dude you should make a thread of all useful/privacy friendly crypto-services cause I assure you dumbasses like me don't know a lot about it.
I also didn't know about the recovery process but not going to change the default 2FA app to another one. Authy has done an amazing job after losing access to the old Google Authenticator app which contained more than 30 private 2fa keys to online accounts. I am ready to share documents if the Authy team asks this for security reasons and proving identity by asking few questions.


I have already sent them my personal information (ID, Address). Still nothing.
legendary
Activity: 2772
Merit: 1028
Duelbits.com
Hello guys,

I just wanted to update the thread about my issue. Still haven't heard back from CEX it has been more than 9 days since I contacted the support and no answer till now.

Definitely they do have poor support system. It makes no sense at all.

Waiting...
They will definitely ask a full copy of personal documents before processing your request. Cex.io has been a well-known crypto exchange for Ukraine-based crypto companies but they have slow support after the increasing popularity of crypto investment. No worries, the support team will reset the 2FA even if you have no access to the lost phone number/email/authentication app.

The best solution is to maintain a notebook to write you all the accounts credentials including Google Authentication codes and keep it always under you.
An even better option is to use a 2FA app such as Aegis, which allows you to export an encrypted database of all your shared secrets, which you could store on an offline medium such as a USB drive. Then, if you lose your phone and you need to recover your 2FA codes, it's as easy as downloading the app on your new phone and importing the back up.

I absolutely wouldn't recommend Authy. It is closed source. Your 2FA codes are stored in their servers. They collect a lot of information about you, including device information, email address, phone number, IP address, location, log in history, and more. If you lose access to your account, they require full KYC with copies of your ID to recover your account. This is an unnecessary security and privacy risk, for something you can do safely yourself as described above.
Damn I really used to think Authy is a goat of a 2FA app, especially after finding out how bad GA was after I lost one of the 2FA keys. Welp, I am wrong as it seems.

Btw, this aegis, I have never heard about it up until now. I looked it up right now and the reviews seem great thus far. I will check it out, thanks!

Dude you should make a thread of all useful/privacy friendly crypto-services cause I assure you dumbasses like me don't know a lot about it.
I also didn't know about the recovery process but not going to change the default 2FA app to another one. Authy has done an amazing job after losing access to the old Google Authenticator app which contained more than 30 private 2fa keys to online accounts. I am ready to share documents if the Authy team asks this for security reasons and proving identity by asking few questions.
legendary
Activity: 2383
Merit: 1551
dogs are cute.
The best solution is to maintain a notebook to write you all the accounts credentials including Google Authentication codes and keep it always under you.
An even better option is to use a 2FA app such as Aegis, which allows you to export an encrypted database of all your shared secrets, which you could store on an offline medium such as a USB drive. Then, if you lose your phone and you need to recover your 2FA codes, it's as easy as downloading the app on your new phone and importing the back up.

I absolutely wouldn't recommend Authy. It is closed source. Your 2FA codes are stored in their servers. They collect a lot of information about you, including device information, email address, phone number, IP address, location, log in history, and more. If you lose access to your account, they require full KYC with copies of your ID to recover your account. This is an unnecessary security and privacy risk, for something you can do safely yourself as described above.
Damn I really used to think Authy is a goat of a 2FA app, especially after finding out how bad GA was after I lost one of the 2FA keys. Welp, I am wrong as it seems.

Btw, this aegis, I have never heard about it up until now. I looked it up right now and the reviews seem great thus far. I will check it out, thanks!

Dude you should make a thread of all useful/privacy friendly crypto-services cause I assure you dumbasses like me don't know a lot about it.
newbie
Activity: 23
Merit: 3
Hello guys,

I just wanted to update the thread about my issue. Still haven't heard back from CEX it has been more than 9 days since I contacted the support and no answer till now.

Definitely they do have poor support system. It makes no sense at all.

Waiting...
legendary
Activity: 2268
Merit: 18711
I was reading from here: https://www.twilio.com/legal/privacy/authy

Quote
If we cannot easily confirm that you are the rightful account holder of the Authy account associated with your old number, we will ask you for your phone account information and a copy of physical identification such as a drivers’ license, national ID, or passport, which we then use to confirm your claim to the account. From time to time, if there are other situations where we need to verify that you are the rightful account holder of your Authy account, our support team may require you to provide identity information like a drivers’ license, national ID or passport.
Emphasis mine. More worrying that just for account recovery, they may also lock you out of your 2FA account (and therefore all of your online accounts which use 2FA) and demand KYC "from time to time". How reassuring. Roll Eyes

Quote
When you use an Authy token to log into an account, whether the token was generated on the app or one sent to you via your phone number, we collect and keep information associated with your login activity including information like your IP address, what application or program you logged in to, that you logged in, and when.
They track your activity across all your accounts, linking that to your email address, phone number, and IP addresses...

Quote
Over the last year, we have shared Identifiers and Internet or other electronic network activity information with third parties, as we describe in this section.
...and they share it with third parties.

I don't understand the benefit of this service. It is the equivalent of a web wallet for 2FA: You are letting someone else handle all your codes, have the power to lock you out of your accounts, and invade your privacy, all for something you can do yourself easily, freely, securely, and privately.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
I absolutely wouldn't recommend Authy. It is closed source. Your 2FA codes are stored in their servers. They collect a lot of information about you, including device information, email address, phone number, IP address, location, log in history, and more. If you lose access to your account, they require full KYC with copies of your ID to recover your account. This is an unnecessary security and privacy risk, for something you can do safely yourself as described above.

o_e_l_e_o, AFAIK authy do not do that.

Authy doesn't request location access neither email address. The only thing authy gets is the phone number.

I never even heard about they requesting KYC documents.

I look at their help page (https://support.authy.com/hc/en-us#) and the word KYC or Documents is not even mentioned anywhere.... where did you see that they require  KYC?

If that's true, I would maybe shift over to another software. But I use authy for years and never had any similar problem..


Edit:
I found:
https://support.authy.com/hc/en-us/articles/360012304633-Authy-Phone-Change-and-Account-Recovery-Photo-ID-FAQs
Quote
Authy Phone Change and Account Recovery Photo ID FAQs
We know you look to Authy to keep your important online logins secure, so we take phone change and account recovery requests very seriously. In order to help confirm that you are the actual account owner, we may need to ask validation questions or request a copy of your photo ID during this process. Since a photo ID usually contains sensitive personal information, you may want to know why we need this, and how we handle it. To help explain our processes, we have created this list of frequently asked questions.

I have not shared my photo ID with you previously - What are you doing with it?
When we request a copy of your photo ID, we do not use it for a comparison to a previously saved copy. We won't go into specifics here to protect our security processes, but suffice to say that we use the ID data for helping to confirming your identity as the account owner.

Terrible for authy... this KYC makes no sense at all...
legendary
Activity: 2758
Merit: 1228
Thank you to you all for your readiness to help me. I never thought that here I could find a lot of people that will actually try to help you.

Update: I received a reply from CEX account here telling me that I have to wait for my queue since there are a lot of requests especially during these times since everybody is into it.

I still cannot access the account but I hope my turn will come soon.

I will update the thread often so I anyone how will have the same issue as me, should definitely find this helpful.

For sure this topic has convinced me to be more active on the forum and spread my knowledge here.




This article might help you ]Cex.io two factor authentication 2fa trouble shooting

Give some tries to solve your own problem while waiting for their response since support take time to answer maybe due to some load of works given to them so better spare some extra time to do it for yourself.

newbie
Activity: 23
Merit: 3
Thank you to you all for your readiness to help me. I never thought that here I could find a lot of people that will actually try to help you.

Update: I received a reply from CEX account here telling me that I have to wait for my queue since there are a lot of requests especially during these times since everybody is into it.

I still cannot access the account but I hope my turn will come soon.

I will update the thread often so I anyone how will have the same issue as me, should definitely find this helpful.

For sure this topic has convinced me to be more active on the forum and spread my knowledge here.


legendary
Activity: 3654
Merit: 8909
https://bpip.org
But do you know that Coinbase after 31.03 will no longer support Authy? They suggest to all users to move on GA

If they're still using standard TOTP, any compatible app should work.
legendary
Activity: 2268
Merit: 18711
The best solution is to maintain a notebook to write you all the accounts credentials including Google Authentication codes and keep it always under you.
An even better option is to use a 2FA app such as Aegis, which allows you to export an encrypted database of all your shared secrets, which you could store on an offline medium such as a USB drive. Then, if you lose your phone and you need to recover your 2FA codes, it's as easy as downloading the app on your new phone and importing the back up.

I absolutely wouldn't recommend Authy. It is closed source. Your 2FA codes are stored in their servers. They collect a lot of information about you, including device information, email address, phone number, IP address, location, log in history, and more. If you lose access to your account, they require full KYC with copies of your ID to recover your account. This is an unnecessary security and privacy risk, for something you can do safely yourself as described above.
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
You can register 2 devices of yours. For example 1 smartphone and 1 notebook (as a back up). You will have all your 2FA codes in both devices, and you will disallow that someone add another device. For example, if a hacker steals your password, he won't be able to access any of your 2FA codes as he can't add another device without your permition from an allowed device.

This is the difference between GA and Authy: You have the security that a hacker cannot add another device even if he steals your password, and you are still able to access your accounts if you lost one device.

If you lose your phone, just buy a new one and add that new phone from your allowed device.

Much better than GA.

I agree with you, Authy is much better than GA, he is connected to your account, not the device. I use SMS as 2FA on Cex.io, because do not want to have risk if I lose or broke my phone device.
But do you know that Coinbase after 31.03 will no longer support Authy? They suggest to all users to move on GA
Sorry OP, now we are going to offtopic
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
So what happens if you lost the device and you were prohibited the registration on a new device? This means you can't log in even you have the login credentials. So what is the difference between Authy and Google Authentication? If you keep off prohibition then it would be a quite risky move, someone would guess your password or would be even hacked.

You can register 2 devices of yours. For example 1 smartphone and 1 notebook (as a back up). You will have all your 2FA codes in both devices, and you will disallow that someone add another device. For example, if a hacker steals your password, he won't be able to access any of your 2FA codes as he can't add another device without your permition from an allowed device.

This is the difference between GA and Authy: You have the security that a hacker cannot add another device even if he steals your password, and you are still able to access your accounts if you lost one device.

If you lose your phone, just buy a new one and add that new phone from your allowed device.

Much better than GA.

Quote
The best solution is to maintain a notebook to write you all the accounts credentials including Google Authentication codes and keep it always under you. So even lost the device still you will have to backup all your account credentials.

Storing your passwords and private keys of 2FA codes in a file on a notebook is very dangerous (and those private keys are mostly very big and impossible to write down in a paper). This file contains sensitive information that a hacker can access without major difficulties and steal money that may exist on exchanges or other services where the user keeps cryptocurrencies.

Authy is a software created by cybersecurity professionals that know what they are doing. What you are suggesting is the same as storing bitcoin private keys in file in your notebook... This may work for a while, but you might (and probably will) get hacked one day.

Unless you are a security specialist, I would advice everyone to work with the appropriate software.
Pages:
Jump to: