You are viewing a single comment's thread from:

RE: Broke my phone screen, can't access 2fa for some accounts like bittrex

in #asksteemit7 years ago

Had you saved secret codes/backup codes? If no there is no chance. But as you said you have broke phone screen, my advise would be to repair it, login to your accounts disable 2fa, generate new 2fa — this time make backup of secret codes and backup codes.

You can use some secure online cloud service for that. I use password safe and tresor it.

Let me know if you need further help.

Sort:  

This is something new to me - err, what secret codes and backup codes, please?
As with many others, Google Authenticator is an extremely critical app for us. This is something that I worry about - of not being able to get to the codes (and left high and dry from logging in to exchanges and transferring coins). Losing the phone, for instance.

If there is some sort of backup to Google Authenticator, I hope someone can help explain how to go about it.

I suck at explaining things so please bear with me xD

Secret code/key: when you set up 2fa on some website, they give you qr code which consists of secret key. This is shared secret between you and website. As long as you have backup of this secret you can gain access to your account. Suppose if your phone dies, then install authenticator on other phone scan qr code, done.

Backup codes are one time usable codes, suppose if your phone dies and you don't have secret key and have backup code then you can open website through it, then generate new secret key.

Unfortunately, Google authenticator doesn't allow backups but worry not I just found out new app which allows to do that. It's available on both IoS and android. It's paid app but you should not be caring about few bucks when it relieves future stress :)

It's authenticator plus:

https://www.authenticatorplus.com

Thank you very much! When it comes to the hassle and stress in losing access to our Google Authenticator - and especially in not being able to access our crypto assets at the exchanges - spending a few bucks on protection is well worth it. Many times over. I will definitely check out this app.

In the meantime, and thanks to this post and especially your comments here, I took the trouble to do some research. Trying to find ways to back up our GA. This link provides the simplest way - use Authy in place of Google Authenticator https://www.icontrolwp.com/blog/google-authenticator-backups/

I've gone out to one exchange which I have registered but not yet used. Not at my regular exchanges (Bittrex and Binance), in case I bungle something and locking myself out. Followed the instructions at this website and... it works!

I have also taken a screenshot of the QR Code and key you mentioned above when registering 2FA again. Then saved it in an encrypted VeraCrypt folder. It's on my laptop, USB and cloud (no worries - it's encrypted with AES with SHA512 hash). I will repeat the process with the other exchanges and important sites. In addition to looking up the app you mentioned here.

Thanks again, everyone. This is the most important thing I've learned this week.

I thought it would all transfer over onto new phone. Even made a back up of the app, but alas... all gone.

This is bad news. All this while I too had thought that's how we do it: log in to our Google account on a new phone, download Google Authenticator, and we'd be up and running again. Apparently it doesn't work like that!

I'll bet many others aren't aware of the hassle they'd go through should they have any sort of issue with Google Authenticator. This post should have more visibility so as to ensure they'd know about this.

Now, once you sort all this out, use authenticator +. It allows encrypted backups to Google drive and drop box so you can easily restore if something goes wrong. You can import Google authenticator accounts too if you have rooted device.

I saved nothing like a fool :D

Thanks! I am working on it now, and should have it all sorted within a week.

Count me in as another fool :) I had not saved the codes either when I enabled 2FA. Was so eager to use the sites and simply went to the next step in the process the last time.

I've remedied the situation over the past several hours. (1) Disabled Google Authenticator (2) Enabled again. This time using Authy, not GA, since the former had cloud backup and across different devices. (3) Took a screenshot [PrntScrn key] of the QR code and key this time.

At one exchange, just to be sure I don't lose access to my coins should I bungle something, I transferred all to my wallet first. Tedious process plus transaction costs. Overkill too actually. But better to be safe than sorry.