Topic: When is Authenticator code needed? (Read 261 times)

Just to add some more information.  Today I transferred some bitcoin out of BlockFi, and was texted a code to use.   Afterwards I got an email requiring me to authenticate by uploading front and back images of an ID, and in addition required me to use my camera to scan my face as I gradually looked to my left and to my right.  Shortly thereafter it was approved. 

For the future, use two phones with authenticators. If one is lost, the other will be near

When you first setup authenticator, you were shows a QR code, and a string below. The QR code was that string plus some additional meta data. The string is what the authenticator app needs to calculate the code to display when considering the current time. It would have been best for you to have saved that string outside of your phone, so you can load the code onto a new phone if your phone were to get damaged or stolen.

Authy is an app like google authenticator and lot other similar authenticating apps which gives TOTP based codes. So if your authenticating apps is having sync issue then you need to resync it on the settings and he is saying if you are an Authy user you need to move to other authenticating apps or else your account will lose 2FA protection.

But why Coinbase decided to close 2FA from authy and it is actually possible to find which authenticating apps we are using?

Thats true, I experienced this at one point and I wondered what I did wrong because. It brought an error message until I did a synchronisation of the account with my time zone and it worked smoothly. So, sometimes its about the timing that makes the code wrong and as such, its best you allow your device to automatically set the time zone and then, you synchronise the app or site with the time zone and your good to go.

Mind you, the 2FA is one way to add extra protection to your account or wallet on a non custodial site or exchange and a good one at that, loosing it would as well bring you trouble so, its best you be careful and see a way of getting back on track with the system.

All my devices show the same time zone and I haven't moved out of this time zone.  Gemini uses Authy, but I thought Coinbase/Coinbase Pro used Google Authenticator.  I pretty sure that is asked for an Authenticator code not an Authy code.

Twoway factor authentication or the 2FA is just commonly used if you want to take another security layer or security feature on your account or devices but this requires a n application or devices to use this kind of feature like on the steam they have a steam guard. Also for google they have their authentication which is commonly use.
It's your choice if you want to add too if you want to become comfortable.

Some of the application we are using they are now supporting this feature.

As I know, Coinbase uses the Authy app for 2FA until 31 march. They will no longer be supported after this date. If you do not migrate to Google 2FA or Duo, they will automatically remove the 2FA protection from your account.
Which time zone use on your phone, is there any difference in other devices which had regular access to Coinbase? it was a problem for me at one point until I put it on automatic time zone determination.

I was unaware that I was given any recovery codes.  Coinbase, for example, simply sent me a verification code so that I could log in, unless this is the code you were talking about.  They sent me several such codes, presumably different ones for Coinbase and Coinbase Pro and for the three different devices I was using for access.  Of course, I now don't know which code goes with which device or app since they were all texted to my phone and have no differentiating information in the messages.

I guess I won't know anything further until I have occasion to execute a Coinbase/Coinbase Pro transaction.  Then I'll just have to see what it asks for and if it is something I can supply.

I did buy a new phone.  I went from an LG G4 running Android 6.0 to a Samsung Galaxy 515M (7 amp battery) running Android 10. 

There is an odd thing though.  After I knew that my Authenticator wasn't working any more I tried redoing my 2FA setup, obviously not knowing what I was doing.  Of course that accomplished nothing.  But the odd thing is that after rebooting the phone it never again deleted an app.  It could just be happenstance, but it is curious.  I retained my phone number, so the old phone is still usable for internet access, but it just gathering dust in a drawer.

It was suggested that I use Aegis, but without any Authenticator stuff working there is nothing to try to import to Aegis.

Each website you create a 2-Factor Authentificaion for also gives you a recovery code that you can use in case you encounter problems with your phone or the Google 2FA app. What is the status of those recovery codes, did you not write them down when you initially set up 2FA?

I have used a few exchanges that allows you to whitelist your device and IP address. The next time you login, it's enough to enter your ID and password and the site wont request a 2FA code. That's why you are still able to access certain sites without any codes.

It depends on how you recover your 2FA Authenticator. If you can get it back without the need for the support team it will not take any time you need to Sign in to your account with old 2-step verification code. open Security Settings page and regenerate your secret key

If you need the support team they will ask you for your IDs and you may need to wait a week or more.


You need to use it every time you do something about your balance and you can change the settings to request it in every process.

I think it's time for you to find a new phone then. I never know a phone that does that. Are you sure you don't modify something and install something like "deepfreeze" for your phone?

Pretty sure the backup failed or got corrupted. If you can't buy a new phone then I think using another authenticator client might be a good alternative. You should do it asap to make sure you don't lose your access to those exchanges, which will take a very long time to recover.

I think coinbase has some sort of "trust this device" or something that has allowed you to use that device for your account bypassing some of the security to save your time which might be the case here that you are able to use the accounts on one device while not on others. The question still confuses me though, you can use other exchanges without having 2fa with 2fa enabled? That's strange a bit. Your authenticator codes might not have been damaged, maybe they require a time correction, I don't remember exactly how to do it but Google can help you in it I guess.

I had an Android problem where after a phone reboot some apps were being deleted.  After googling around I saw that some others were reporting the same thing.  I got tired of having reinstall 4 - 5 apps every time I restarted the phone.  So I took a backup.  The next time I rebooted my phone and apps were deleted I just did a restore from the backup.  For some reason my Google Authenticator codes never worked again.  Somehow they were damaged during this process.

I had moved my funds from Coinbase Pro to BlockFi to take advantage of the interest they pay for deposited bitcoin.  Since that bitcoin movement I have not had occasion to again buy/sell/transfer any bitcoin using BlockFi.  I have been able to sign on/off BlockFi, but I would probably have had a problem if I actually tried executing a transaction.  I have initiated the process of getting re-authenticated (or whatever the term is) at the following site:

https://help.blockfi.com/hc/en-us/articles/360048862652-I-lost-my-2FA-Code-how-can-I-access-my-account-again-

However I still don't quite understand the Coinbase stuff.  They sent me a code to use to sign on, and an email to verify the device I use to access my account.  But wouldn't I expect to be asked for an Authenticator code if I tried to execute a transaction?  I don't see how it would now recognize my Authenticator codes.  I don't know anything I did that would allow it to.

Not sure what's happening because I personally don't use Coinbase, but 2-factor authentication is mostly required by financial services to increase more security for their users and to prevent hackers/scammers from accessing their accounts and stealing their money.

Why did you "destroy" your authentication keys in the first place(or did it get destroyed unintentionally)? Knowing that Coinbase would require it every time.

Because the 2FA that supposed to be your second layer protection is protecting to sign the unrecognized device, which means that if you didn't use your tablet for the Coinbase pro, it will always ask for a 2FA verification since it is the unrecognized device.

In other purposes, enabling 2FA verification code is good for security because you can't able to transfer fund without 2FA, but the problem if you lost it, it needs for your to contact the support team.

You might need to read this article from Coinbase.

At first, I am asking what kind of Authenticator you are using?
Google Authenticator?
basically, Authenticator is an additional security system that must be used in order to enable accessing or doing something that is related to security reasons. This is part of 2FA.
If it is not only about in COinbase, commonly Authenticator is used for:
1. Accessing or logging in to a certain platform, exchange, or site that requires authenticator code for additional security. It is very important to minimize being hacked or even abuse login access by someone who may know your email and username and password.
2. Authenticator code is also needed if you are willing to withdraw the assets from an exchange. It is also important to ensure that you are the real owner of the assets so that it will increase the security reason.

Further, please check these:
https://www.zdnet.com/article/better-than-the-best-password-how-to-use-2fa-to-improve-your-security/
https://www.pocket-lint.com/apps/news/141559-what-is-two-factor-authentication-and-why-should-you-use-it

That's what I am thinking here. He can access via tablet or pc because he is still logged in. However, once he logged out, more than likely, it will ask him the authenticator code. So yes, reset your 2fa while you still can. If you have significant amount in those sites, it would be hard if you got tangled with this 2fa thing. Normally, it will ask when you withdraw but most sites, they ask your code when you login. So you might not get out your funds if you have problem with 2fa.

Generally and on most websites, you will be requested to enter the 2fa code when you login, make a withdrawal request or reset your password/email.
Your open sessions (on tablet and pc) will not last forever and you will be logged out automatically sooner or later so don't count on that.
You better request resetting your 2fa codes. You will have to confirm this action via email and in the worst case you will have to confirm your identity. So nothing to worry about if you are the real owner of those accounts.