Bitcoin Forum

I am setting upp Google Auth for my Binance account.

How does this thing work?

I put in my email address
It makes a code in blue and flashed red colored.
What next?
Where do I input the code?

 ??? ??? ??? ??? ??? ???

Have you read the 2FA guidelines? (see https://support.binance.com/hc/en-us/articles/115000433432-Google-2FA-Guideline)

If you still have not fully set it up yet, take a look at Authy as opposed to Google Authenticator. I used the latter at first, until I discovered that it lacked inherent backup features, and swithched to Authy because of it.

Ah ok. Do anybody else prefer Authy before this Google authenticate?

I use Google Auth to check my BAT wallet. It's pretty easy to use if you follow the instructions.

Really confused what to do now.

If I lose my phone my Binance account is not accessible??????

Not until you recover your account, by following the procedure: https://support.binance.com/hc/en-us/articles/115003585911-How-to-Reset-Google-2FA.

That’s why I mentioned above that it is better to take a couple of hours to read through this sort of information.

As far as I’m aware, people do not have a hard time recovering their 2FA protected Binance account. HitBTC is another matter, since the amount of verification information that they require at HitBTC normally entails retrieving your TX IDs from/to HitBTC. But that is a different site …

I suggested Authy before, after thinking ahead at the time, and trying to anticipate scenarios where one loses the 2FA device. That is what made me switch to it, although I’m sure one could always argue that they do not want their 2FA codes on an online backup, even if they are encrypted.

2FA should make you feel safer, but you need to consider the safety of the 2FA device itself. Anyhow, read slowly through the 2FA recovery process I linked before. You’ll see what Binance requires and, eventually, worst case scenario on Binance, it comes down to performing a type of KYC again and waiting some hours.

Edit: Also, just to be on the safe side, and seeing your insecurity, I would recommend that you don’t engage in PMs with anyone volunteering to help you, if they do. It’s best to keep it out in public on the forum.

Edit: Both OP's post asking where a given URL was the site to download Authy from, and my reply, quoting the site, have been deleted. Perhaps we should spend less time on the forum trying to help out.

If i was to guage my feeling of safety with all this stuff on a scale from 1 to 10 with 1 being the least safe

I am about a 3  :( >:( :-\

Or perhaps don't use 2FA and then one day when you wake up and discover that you account has been compromised then maybe you would reconsider changing your safety scale when using authy or google authentication.

DdmrDdmr has tried all he can to provide you with some guideline and links to them. I suggest you take your time and read them
As a person whose account has even been compromised before, you won't see it coming until one day, you wake up to a terrifying experiencing

2FA's definitely not perfect, but it does provide you security against a hacker that has your login username and password on a site like an exchange. There's really no way to completely eliminate the possibility of an account you own getting hacked, but 2FA's easy to set up once you get the hang of it and it provides a good deal of security at essentially no cost.

With Authy, you don't have to manually contact the exchange or service you're using if you were to lose the device that you have your 2FA accounts on, as Authy allows you to backup and view your 2FA backup codes, and you can also access your Authy accounts on multiple devices instead of just one. Both Authy and Google Auth are compatible with 2FA; it's your choice in the end, but I keep most of my 2FA accounts on Authy.

Learn and practice good habits in securing your 2fa or your account rather, and you'll eventually build confidence 'cause you did the best that you could, but ofc I'm not expecting a 10. You may feel overwhelmed, but its gonna be worth it.

You're prolly fine as long as you safely store your backup codes in at least 2 places and have an app which lets you back-up. If you don't like authy as it does online backup, andOTP lets you save in your local storage.

There is no reason to worry about google authenticator. But if you are that sort of person who losses or brakes his phone often it can be a bit of a problem for you. Just keep your phone safe and so will the app that protects your funds on it be.

You won't learn if you will not help yourself. Remove doubts and move forward.

Peoples above gave you good responses.

What you must to do now is to follow it. READ READ READ.

As long as your careful with its details and make sure you alone handles your phone, I do not think you should be having any problem using it.
It's a feature everyone should have, at least anyone who takes security very serious.
Make sure your careful and not careless with your phone after you must have enabled this
Spread your codes also, so should incase something happens,you will be able to retrieve

You won't learn if you will not help yourself. Remove doubts and move forward.

Peoples above gave you good responses.

What you must to do now is to follow it. READ READ READ.
[/quote]

Fair enuff.  I have printed these replies (and  the links) a will read them tonight.  Thanx

You should use Authy (https://authy.com/) instead as that backups to the cloud and lets you move to another device or even the PC using a Chromium based browser.

If you insist on using GA, you must be aware that, there is a 16 char "key" which is shown before activation, that's your only backup, and has to be done for each and every site you enable 2fa.

While some sites allow to "reset" or turn off 2fa, some don't (or require the 2fa code to deactivate). It is quite possible to lose access to your account if your phone with GA is lost.

Any site what mentions "2fa" can be used with Authy, even if the instructions say "Google Authenticator".

It is impossible to backup GA database without rooting your phone.

First you need to read the rules carefully when using 2FA security, you must backup your private key to avoid losing your phone. In case you lose your phone you can still reinstall 2FA when you have private key, you can also backup to many different phones. I also use Binance which is very safe and easy to use 2FA security with Google Authentiacor. You should know how to use it before setting up.

After you save the changes, you will type the renewed codes every 30 seconds in the program after the password each time you login to Binance. But, definitely save the recovery password somewhere. Because when you change the device and in other cases it will be necessary.

Whatever apps that you choose, just keep in mind that there's a risk you'll lose your device. It should be better to keep the backup offline, even though you already use Authy. Store it in a safe place where you're the only one who knows about it. Better safe than sorry.

You have been giving relevant suggestions already I don't see any use of your confusion.
Did you not open your binance account with an email or something for verification. If you have your password and your phone is backed up then I think you would be fine

Read all the suggestions and don't forget to use google.
If you have a computer you can also access it so even if you lose your phone, there's no problem with that.
I have my 2FA sync in my computer so everytime I add 2FA in any of my accounts online, it will reflect to my other device.

Here's a complete guide you can follow that I saw in the net using google - https://authy.com/guides/binance/

I agree with your idea but this could probably help for those who really wants to be more secured to their accounts. The reason why we need to used 2FA authentication because it is reliable and also only you can access in your account

GA doesn't feature any backup though so the moment you lose your phone, you're screwed.

Yup if you are lazy and careless you are screwed. Just as you are setting up your 2FA, They provide recovery codes but people always ignore the code. They come in handy when you need to recovery your account if you have lost your phone.

I have a bunch of sites and now you mentioned it, I better go locate those backup codes now!

Access binance then go to account settings, locate security to find enable 2FA then copy the 16 digit code then save a back up or write it on a piece of paper then go to authy press the button near the magnifying glass  and press add account, Scan QR code or enter key manually (key=16 digits) then press Okay.

This is what I use and it runs offline too.
https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai?utm_source=chrome-ntp-icon

I have been using it for four years.

Well... if you are looking for security, I would really advise against using this or any other 2FA extension. It's not only very insecure as any virus can get your extension data files/2FA secret codes, but it's also useless if you are using in the same computer as you're typing the password. What is the point of 2FA if it's not really a 2-factor-authentication?

If all you want is a quick 2FA for services that require one (and you don't want to bother with it), then it's probably fine.

I think a standalone app would be much better and also having it on multiple devices. Encrypted with a master password of course.

I know but like I said, I got my account 2FA protected in Binance and I can also access it in my PC.
So, if I lost my phone, I still have another option which is my PC.

Why settle for GA when you can use Authy, I use GA before and when my friend lost his phone and got broke, good thing binance support is very responsive and got the account back. This is what I'm afraid of, to lose access to sites that I often use.

In GA there's no recovery back up but in Authy can encrypt a back up in the cloud so if you lost your phone you can still access those authy accounts from other device.

OP again. I am trying to load Authy into my binance account and it looks like it only uses Google Authenticator??  ??? ??? ??? ??? ??? ??? ???

There is no options for Authy setup.  What am I doing wrong here?  When I went the GA route and inputed my Authy info, I get the error message "Binding failed"

Right now I only use a Password, Anti Phishing Code, and SMS Authentification.

I'd like to set up all of it, including Authy, and API.

There are several step by step guides for setting up 2fa on Binance account there is even one (https://support.binance.com/hc/en-us/articles/115000433432-Google-2FA-Guideline) included on the official support site of Binance. The thing you are feeling now is doubt and fear that you might lose your account when you messed up the process but to tell you honestly if you done all the things in the guide you won't need to worry about anything, just think of it as the next process for your account's safety and doing nothing now won't help you secure your account.

Authy (and any other 2fa) use the same config as Google Authenticator. You don't need separate setups, they are the same thing.

If you already had created the 2fa and just want to switch from GA to Authy, you need to use the backup 16 char code in Authy to recover your already active setup. Else you would need to disable 2fa and enable it again.

If you keep getting errors double check your phone time/date is correct.

In all sites the procedure is the same:

When you request 2FA, It generates a (backup) key which you must write-down somewhere and keep it very safe and then scan that qrcode (or input the key manually) in your 2FA app (here you can use GA, Authy or any other).

That is all. the site will now ask you your 2FA code which is the one your app is showing and keeps changing every minute or so.

Correctamundo. It is one diligent step at a time.  Tomorrow I should figure out how to set up the 2FA with Authy.

I just set up my White List (of the only wallets that can send funds out of Binance ) it goes to my Ledger Nano.  That seems decent... but what if I lost my phone?  Is the White List going to block me from sending funds out of Binance?

The whitelist is not related to your phone, but rather to the wallet addresses you can send them to, so losing your phone will not stop you from withdrawing your funds.

Since you are going to setup 2FA using Authy, just make sure that you keep an Authy backup in case of phone loss. You can even set it up on multiple devices, all sharing your access codes. For example, I have got it on my phone and ipad, and can use Authy on either of them to gain access to my 2FA protected accounts.

Check Authy’s website on how to do this. If I recall correctly, I installed Authy on my second device, used the same phone number as on my primary device upon registration, received an SMS password to use for my second device on my first device, and followed a couple more steps to unlock each 2FA token on the device (It requires creating a backup previously I believe). 

A guide for someone who need .details to activate 2FA on Binance
https://coinsutra.com/google-authenticator-setup-guide/
And, more important step is never forget or too lazy and do not backup 2FA codes.
One more step, is after saving backup of 2FA, make sure that you test the backup to see it works for your account when you lost your phone or not.
If not, return to your Binance account profile, deactivate 2FA, then reactivate it and get new 2FA codes.
Then, reappyling those steps again till you see your 2FA backup codes work fine.

This is what I actually meant, sorry for my previous posts, there was a little confusion on my part.
I'm using AUTHY for both my phone and my PC and they all sync with each other.

if you have google authenticator QR code Backup ?

It is why I mentioned above that before activate 2FA, the 2FA codes should backup.
After backup, please remember to test the 2FA backup codes in assumed scenario in which you lost your phone, computer.
If those backup of 2FA works fine for you, it's time to start send money to your account.

OK Folks... i completed Authy registration with Binance!! It is all 2FA from here on.

What does "3FA" stand for?

It was confusing setting up because my "Passcode" was my Binance password, not my Authy Backup Passcode.
Then my "Google Authentification Code" was the 16 digit QR Code, not my Authy 6 digit Token... or the other way around?

Binance did not exactly word it self explanatory since it is juggling all these different codes and phones and iphones and desktops and emails.

It's all good to go. Now how do I TEST this thing out??????????  I'm scared to Log Out of binance now...

Yes your Binance password/passcode is different  from Authy backup passcode because authy is an entirely different thing from Binance.
Authy stores an encrypted copy of all your Authenticator accounts... if you lose your phone, It is that passcode you are going to use to recover your backups stored by authy so that you can get your 6 digit token for authentication.
It's more like an online cloud for your Authenticator accounts.

The 16 digit QR code from Google authentication is actually the recovery code... which you can write and keep somewhere safe. Since google authenticator does not offer cloud back, that is the code you use to recover your binance account.

Otherwise, once you set them up, both authentication apps will display a similar 6 digit token code every 30 seconds

This may help you what 3FA means as there's another meaning of it if it's not for authenticating. 3FA is three-factor authentication (3FA) or you can visit here https://searchsecurity.techtarget.com/definition/three-factor-authentication-3FA.

Once your 2FA is activated access binance and sign in then when you are prompted to input a code just open your authy, select the name you use and copy the 6 digit provided in authy then your good to go. In my case is not binance but all I did was sign in to the site then press the sign in button and input the 6 digit code then validate to continue.

It's a prety decent outfit being all set with the Authy.

I like the Binance, White List feature too... is that a strong idea to block out hackers or something????  it seems like the White List has potential to be much smarter than AUTHY is.  If you can only withdrawl into your private wallets, how could anybody steal anything from your Binance?????

It’s another safety feature, but not one that is not inexpungable:

- The whitelist is meant to work along with Binance’s software ecosysytem. If the exchange itself get’s hacked at some point, those restrictions may be bypassed easily. There is no tie to your whilelist outside Binance ecosystem.

- Binance is pretty safe, but no exchange is safe from hackers. Officially they have not been hacked yet, although during March 2018 there was an incident by which a third party app requested API keys and started to trade on some user’s behalf, pumping Viacoin in the process. No user was really affected in the aftermaths, as Binance reverted all the trades.

- Software is what it is, and can have bugs and backdoors that lead to unexpected breaches at some point.

Having said that, I pretty much like binance and all it’s user security features. Nevertheless, never consider your assets there invulnerable (after all, you do not control your private keys).

Today I logged into Binance but this was the issue....

It gave 2 options to log in.  The Google Authenticator (in my case Authy) and then SMS.

I typed in the SMS code and I was in.  So it did not require Authy at all, just the SMS.

So I should turn OFF the SMS and only use Authy?

It's a scary yet very real description.  Thanks for heads UP....

That’s how I’ve got it (only Authy). After all, SMS is considered less secure, and 2FA is thought as being way more secure, with the token expiring every 30 seconds.

Edit: It may be a bit early to start messing around with API keys. They are risky if you do not manage them properly. In any case, you need to type an API label of your choice before you hit the "create new key", or nothing will happen (as seems to be the case).

API will typically be used to create your own trading software, or use a trading bot. Unless that is the case, I would stay clear of creating them since they enable trading on your behalf. There is online documentation on Binance ...
 

OK. i removed my SMS option from Binance.  It seems a WHOLE LOT BETTER.  thanks for assistance everyone.

Now I am staring at this API option.  What is that??? I click the link to API options and it goes into nowheres land...

You don't have to worry about the API unless you want to use a third party program with Binance. For example a trading bot.

Now most of the exchanger required to use  Google Authenticator  for account security and also add withdraw password some exchanger. when you enable   Google Authenticator  2f  you must be stored your security code because when your phone change or lost this key helps to login your account.So more details about its visit https://support.binance.com/hc/en-us/articles/115000433432-Google-2FA-Guideline