Google Authenticator Bitcoin Echange Backup?

[Cart]

Hey guys,
I was just wondering that if I were to lose my phone now that I have linked all the Bitcoin exchanges to it with the Google authenticator app, would I lose the access?
Is there a way to "backup" the safety feature like Google Authneticator?
Many thanks in advance!

[anonymoustroll420]

This is a real problem. You can't backup Google Authenticator for security reasons.

Websites are supposed to have a way for you to get back in if you lose your 2FA device. Currently, many BTC websites don't have a way to get back in.

You should check how you can get back into your account if you lose your 2FA device for each website you use.

If there isn't any way, disable 2FA and re-enable it, and when the 2FA QR code appears, take a photo of it and keep it in a safe place. This is much less secure, but it is better than getting locked out.

[Cart]

This is a real problem. You can't backup Google Authenticator for security reasons.

Websites are supposed to have a way for you to get back in if you lose your 2FA device. Currently, many BTC websites don't have a way to get back in.

You should check how you can get back into your account if you lose your 2FA device for each website you use.

If there isn't any way, disable 2FA and re-enable it, and when the 2FA QR code appears, take a photo of it and keep it in a safe place. This is much less secure, but it is better than getting locked out.

Oh, that is an interesting approach.
Saving it, printing it and deleting it might be a pretty safe backup

[anonymoustroll420]

Oh, that is an interesting approach.
Saving it, printing it and deleting it might be a pretty safe backup

I'd recommend you take the photo on your phone, and if at all possible print it from your phone. Transferring the photo to your PC somewhat defeats the purpose of 2FA (even though 2FA can't protect you if your PC is hacked).

You can also scan the QR code with a QR scanner that will show you the text (it looks like a URL with a secret key at the end), and keep that (the entire URL). Then when you want to restore, encode this text back into a QR code and scan it.

I wrote a program that lets you store 2FA codes on an offline PC, and lets you do some cool stuff like encrypt them, copy them to another device or make backups. Perhaps I should release it, it's only command line though and I'm no good at making GUI's.

[socks435]

I think this one may help https://www.cnet.com/how-to/how-to-move-google-authenticator-to-a-new-device/
Well base in my experience in autheticator i was use both pc and my android smart phone but i have my back up in pc because the pc version has the ability to backup your authenticator that you can use in the future..

Try to look to show your secret key and take note and save it somewhere safe. like in the paper and hide it in your wallet.. that you can recover and use it in other autheticator pc version or other devices..

[anonymoustroll420]

I think this one may help https://www.cnet.com/how-to/how-to-move-google-authenticator-to-a-new-device/

That only works for Gmail, not BTC websites, unfortunately.

[Sundark]

This is the reason I am scared to use 2FA for every service which offers that option to enable it. One mistake and you can be locked out for good.
Sometimes it is not worth it. 2FA can create additional hassle, you will need to worry about your mobile all the time.
Some bitcoin services offer nifty feature like limiting IP range - if you are using one IP address, I prefer to use this option instead.

[shinratensei_]

Is there a way to "backup" the safety feature like Google Authneticator?

2 simple step, just try to take a screenshot your barcode for the activation code. And try to back up your secret.

Websites are supposed to have a way for you to get back in if you lose your 2FA device. Currently, many BTC websites don't have a way to get back in.

You should check how you can get back into your account if you lose your 2FA device for each website you use.

Because the key is our account. The exchange site does not have a responsibility with it. Because Google 2fa based on 3rd parties. Exchange sites don't have any responsibility for it.

[anonymoustroll420]

Because the key is our account. The exchange site does not have a responsibility with it. Because Google 2fa based on 3rd parties. Exchange sites don't have any responsibility for it.

Right, but the advice given by Google to website owners looking to implement TOTP is that they should provide a way to authenticate the user if they have lost their 2FA device.

Two ways to do this: first is to have the user write down a code that they can enter if they lose their 2FA device.

Another way which is what Google suggests is to: ask the user to open the website from a browser & IP they used before, ask them for the password, ask them to verify their email, ask them their account details and about some recent activity they did in their account, for bitcoin websites - ask the user to sign from Bitcoin addresses known to them, and then send the user an email and/or text message telling them their 2FA will be reset in 7 days unless they click a link to cancel the request. This is close to what Google does if you need to reset 2FA on your Gmail account for example.

The security of TOTP 2FA is overstated anyway. It really only protects you from password reuse and a crappy password. If your PC is infected, malware can just hijack your session. You can still get phished too.

A better 2FA system would be one that asks you to confirm whatever action you are doing on the 2FA device, then you'd be protected from an infected PC and phishing.

Some bitcoin services offer nifty feature like limiting IP range - if you are using one IP address, I prefer to use this option instead.

I really wouldn't recommend that as your ISP could change your IP range at any time. Also you could get locked out if you forget to pay your bill, or are away from home. IP authentication is weak anyway as a hacker only needs to find a way to use any device on your network to proxy requests. Depdning on how the website is set up, in some cases this can be done by you visiting a website with malicious javascript that allows the hacker to use your browser as a proxy while you have the page open.

[Omura]

Some exchanges offer a backup 2fa key, which you can use if you've lost your 2fa device.

[BitcoinPicasso]

Some exchanges offer a backup 2fa key, which you can use if you've lost your 2fa device.

This is what I have written down for all of my sites. Then I took out my iPad and installed the google authenticator there as well. All I did was enter each code (numeric) into my newly installed authenticator and I have a backup to my phone now. Both Android Phone and iPad have the same sites that I do business on. Chances are I will loose my phone but not my ipad since it sits at home.