2FA and what if i lose my phone...? (at the least suitable time)

[Mikcik]

What happens to 2FA (2 factor authorization) using an android phone on BTC exchnages when i lose (or someone steals) my mobile phone?
I wont be able to log in, what should one do? This didnt happen to me yet, but i want to be ready... is there any other way than to contact the exchange and begin difficult and time consuming task of proving my identity?


And Secondly, what happens if i lose the phone or is stolen, or broken/damaged at the least suitable time? Like when BTC is crashing and i need to login to sell it (or buy it :-) ). At this point i dont have the hours or days that will take it to get back the possesion of my account and full acces...
Is there any other way? Like having the same 2FA on my backup phone? (i dont have a backup phone :-), would have to buy it..)
Or is there a way to setup 2FA using a second offline computer for example?

[1715517070]

1715517070

[1715517070]

1715517070

[1715517070]

1715517070

[gentlemand]

Is this SMS 2FA? You shouldn't be using that anyway. It can be undermined by hackers porting your number.

Switch to google authenticator and with the secret code it gives you when you sign up you can have multiple backups operating at once.

Exchanges should let you back in if you email them from your registered address but with support as slow as it is these days forget chasing market moves.

[TryNinja]

^ The same as gentlemand. Use OTP instead of SMS 2FA.

As he said, you can use Google Authenticator, but in case you don't want to keep saving your secret codes or QR everytime you enable 2FA in a new service and can afford to buy an android app, I recommend you using Authenticator Plus that lets you backup all your 2FA accounts easily.

There is also other alternatives like FreeOTP which is free and IMO still better than Google Authenticator, or Authy which also has cloud backup but makes your 2FA less safer.

[alhal1]

^ The same as gentlemand. Use OTP instead of SMS 2FA.

As he said, you can use Google Authenticator, but in case you don't want to keep saving your secret codes or QR everytime you enable 2FA in a new service and can afford to buy an android app, I recommend you using Authenticator Plus that lets you backup all your 2FA accounts easily.

There is also other alternatives like FreeOTP which is free and IMO still better than Google Authenticator, or Authy which also has cloud backup but makes your 2FA less safer.

So I'm guessing there is no specific need to sue google authenticator as this actually happened to me when I factory wiped my phone and lost by 2FA without realizing. Although luckily it wasn't used on any exchanges

[Scorpion]

If you backed up the secret key you can re-scan the QR code again. If you didn't back it up you will have to email the support team.

[daemonfox]

If you backed up the secret key you can re-scan the QR code again. If you didn't back it up you will have to email the support team.

EVERY 2FA enabled service TELLS YOU TO DO THIS!!!! ALWAYS keep a hard copy somewhere of EVERY QR and key you add 2FA with... or else you WILL one day have the OPs problem.

Best way? Maybe 2FA your Google account, then keep copies of the services QRs/codes you add in a doc in Drive and keep a hard copy of the Google Authenticator's restore QR/Code in a VERY safe place, with other paperwork, lockbox, safe, deposit box etc. Then you will always have access to your drive if all else fails, and that gives you restores to your other services.

EDIT: My bad Scorpion, that's aimed at OP, just quoting your good info.

[Celsiuss]

I like to use Authy, as I can use it on multiple devices, but you need access to one of your trusted devices in order to add a new one. I have Authy on my phone, both of my laptops and my desktop. I did lose my phone once, and I could simply just use the app on my PC.

[GreenBits]

If you backed up the secret key you can re-scan the QR code again. If you didn't back it up you will have to email the support team.

EVERY 2FA enabled service TELLS YOU TO DO THIS!!!! ALWAYS keep a hard copy somewhere of EVERY QR and key you add 2FA with... or else you WILL one day have the OPs problem.

Best way? Maybe 2FA your Google account, then keep copies of the services QRs/codes you add in a doc in Drive and keep a hard copy of the Google Authenticator's restore QR/Code in a VERY safe place, with other paperwork, lockbox, safe, deposit box etc. Then you will always have access to your drive if all else fails, and that gives you restores to your other services.

EDIT: My bad Scorpion, that's aimed at OP, just quoting your good info.

GAuth has a neat little feature to help this, permanent one time otps. They generate in a six or eight pack, and they last until you use them, so you have to take pains to keep them secure (only write them down!L). You can only use them for Google services that ask for otps, not say like, as an otp to get into CEX/Coinbase. But if you need to make a Google account change, it's handy, damn near indispensable, to have.

[Weatherby]

I have enabled 2 FA with all the exchanges because i am not willing to take any risk and they have asked specifically to back up the secret key and if you are able to do so,then you wont find it difficult to scan that QR code once more with your new phone and if you mess up completely and did not have those codes and you end up breaking your phone then you could still contact their support system but it might take a long time for them to sort that issue out.

[2dogs]

I like to use Authy, as I can use it on multiple devices, but you need access to one of your trusted devices in order to add a new one. I have Authy on my phone, both of my laptops and my desktop. I did lose my phone once, and I could simply just use the app on my PC.

Second this. 
My understanding is Authy is tied to the phone number, while GA is tied to the device.

Although got an email from Coinbase yesterday:

..attackers can add new devices to an existing Authy account and take over access to a linked Coinbase account.
To combat these attacks, we will be automatically disabling the Authy multi-device setting and limiting the ability to use SMS to install Authy.

[Mikcik]

Guys... im new to 2FA... i didnt understand half the things you said :-/ :-).

1) So when registering on an BTC exchange for 2FA (im not planning to use 2FA anywhere else, just the exchanges, at least for now). It gives me some secret backup code (or QR code). If i ever lose my phone, and need to login quick, i can use the secret code- scan it with another phone and i have instant acces to that exchanges once again. Correct?

2) But what if i need to login instantly and dont have an acces to another smartphone, only 2 computers. How can i use the "secret back up" code the exchange gave me when enabling 2FA without a second (not lost) smartphone? I need a smartphone to scan this secret/back QR code? Or can i scan it somehow only using a pc


Also im not planning to use sms codes, all my questions are aimed on the codes you can generate on your phone completelly offline, no internet incomming messages, no sms, just generate the code on your phone.

[daemonfox]

Guys... im new to 2FA... i didnt understand half the things you said :-/ :-).

1) So when registering on an BTC exchange for 2FA (im not planning to use 2FA anywhere else, just the exchanges, at least for now). It gives me some secret backup code (or QR code). If i ever lose my phone, and need to login quick, i can use the secret code- scan it with another phone and i have instant acces to that exchanges once again. Correct?

2) But what if i need to login instantly and dont have an acces to another smartphone, only 2 computers. How can i use the "secret back up" code the exchange gave me when enabling 2FA without a second (not lost) smartphone? I need a smartphone to scan this secret/back QR code? Or can i scan it somehow only using a pc


Also im not planning to use sms codes, all my questions are aimed on the codes you can generate on your phone completelly offline, no internet incomming messages, no sms, just generate the code on your phone.

GAuth only requires you to have an Android device with your Google account signed in. That can be virtualized in a number of ways if push came to shove.

The best answer, is YES as long as you have that QR code and the accompanying key saved somewhere, you can use ANY Android device to scan or type it into GAuth and be able to use it again.

[Mikcik]

And if i have the QR code and the secret "code" displayed while setting up 2FA on an exchange and i do lose my phone... I can simply "move" the whole 2FA process to my new phone. But my question is: What if i do not have a second android phone "readily" ready...

Can i use it somehow on a computer? Specifically talking abotu DUO mobile 2FA app for android...? Can i instal it on my 2nd PC (offline PC) and use the computer insted of a mobile phone?

(we are of course not talking about SMS 2FA but the one that generates one time pass code).

is it possible to run on a PC?

[daemonfox]

And if i have the QR code and the secret "code" displayed while setting up 2FA on an exchange and i do lose my phone... I can simply "move" the whole 2FA process to my new phone. But my question is: What if i do not have a second android phone "readily" ready...

Can i use it somehow on a computer? Specifically talking abotu DUO mobile 2FA app for android...? Can i instal it on my 2nd PC (offline PC) and use the computer insted of a mobile phone?

(we are of course not talking about SMS 2FA but the one that generates one time pass code).

is it possible to run on a PC?

IDK on Win... but I know you CAN run an Android VM on Win which will allow you to connect to Google and install apps. It isn't too difficult just a little time consuming. Once it is up though, you can turn it on whenever you need it.

[kurniawaN]

I use Authy App which has server based backup 2FA
It is available on Android and iOS

[Mikcik]

I use Authy App which has server based backup 2FA
It is available on Android and iOS

what does it mean "server based backup 2FA"...? That means you can instal it also on your PC? Or connect through your PC to the server and he will sent you the 2FA one time password each time yo uwanna connect to the exchange?

[Vishnu.Reang]

I am also a little bit confused about the Google Authenticator. I want to use that app, as I read somewhere that it prevents 99% of the Bitcoin hacking attempts. So my question is, can I install the Google Authenticator on two devices at the same time? For example, I am having an Android phone, and a laptop. Can I install this app on both the devices, and use codes from both?

[Mikcik]

I am also a little bit confused about the Google Authenticator. I want to use that app, as I read somewhere that it prevents 99% of the Bitcoin hacking attempts. So my question is, can I install the Google Authenticator on two devices at the same time? For example, I am having an Android phone, and a laptop. Can I install this app on both the devices, and use codes from both?

well yeah that is my question, altough im asking more about the DUO mobile app (which is liek google authen just from other company). We both are talking about offline generation of one time passcode 2FA, not 2FA done via SMS.

Can somebody answer if google authen. and mainly DUO mobile can by run on PC and provide the same functionality as when they are run on mobile phone?

(just info for the vishnu user- you should not however run the app on an ONLINE computer, (at least not on the one you are logging into exchange from), but preferably not run it on a internet connected computer at all.)

[charlescoin]

Even if you lose access to both your 2FA phone and your registered email you can still claim your money and coins if you can prove your identity to the exchange assuming you have completed their KYC processes.