So, phone with authenticator destroyed.

[Skrodk]

I know this should be easy, but yeah, im sure you have seen it before - Authenticator gone. Is there any easy way to get my google authenticator onto a new phone?

I still have the old one, but the screen is destroyed.

When i go to this: https://support.google.com/accounts/answer/185834?hl=en&authuser=0

It seems to only deal with an authenticator tied to a google account? Which mine isn't thus it seems mostly useless.. What do i do here? I REALLY would rather avoid going through and getting all my accounts 2FA's revoked, as that seems like an insane pain in the ass.
 As i see it:
1. I can get my screen repaired
2. Go through several weeks of verifying my shit to 15 different exchanges
3. Is it somehow possible to contract google and have them do something?

Any help would be greatly appreciated!

[deedjou]

Hi

As far as i know you only need the account name and the Authentication key that is provided the first time you activate it on the website.
In order to reconfigure a new set of 2FA on a new phone.
i've done the test, it works and i don't think it's linked at all to your google account.

[digaran]

How did you manage to install google authenticating app on your phone without logging on to your account? have you tried to sign in with the same account registered on that exchange on your phone and then installing the app to see if it works? 2FA authentication activated on your exchange account is using the email that you have registered your exchange account.
There is an app that would let you to have your phone's screen on your browser while connecting via USB, do you have debugging mode activated on it or not? try airmore to see what happens, if it didn't work, fix your screen.

[squatter]

I know this should be easy, but yeah, im sure you have seen it before - Authenticator gone. Is there any easy way to get my google authenticator onto a new phone?

I still have the old one, but the screen is destroyed.

I'm not aware of a way to do it without manually adding the token to another authenticator. Just to be clear, you set up all your 2FAs on one phone only, and you have no backups?

It seems to only deal with an authenticator tied to a google account?

Which mine isn't thus it seems mostly useless..

Yeah, this won't help unless you have a backup of your 2FA token. If you could somehow get Google to do this, this would be a big security hole in your 2-factor security.

What do i do here? I REALLY would rather avoid going through and getting all my accounts 2FA's revoked, as that seems like an insane pain in the ass.
As i see it:
1. I can get my screen repaired
2. Go through several weeks of verifying my shit to 15 different exchanges
3. Is it somehow possible to contract google and have them do something?

Unless somebody chimes in with a way to extract data from Google Authenticator (and I really hope there's no way to do this for the sake of people's security), then you should probably get your screen repaired. I had my Iphone screen repaired a while back for $80-90. That's nothing compared with the headache of verifying at all those exchanges.

There is an app that would let you to have your phone's screen on your browser while connecting via USB, do you have debugging mode activated on it or not?

Interesting idea.

[Potato Chips]

I know this should be easy, but yeah, im sure you have seen it before - Authenticator gone. Is there any easy way to get my google authenticator onto a new phone?

GA doesn't let you backup all your codes but each one of them has a corresponding 16-character secret key which you can use for restoring.

1. I can get my screen repaired
2. Go through several weeks of verifying my shit to 15 different exchanges
3. Is it somehow possible to contract google and have them do something?

Any help would be greatly appreciated!

I'm not sure if this works as I haven't tried it but you can try doing method #1 and get your device rooted so you can apply what is mentioned in here: https://android.stackexchange.com/questions/63252/how-do-i-back-up-google-authenticator

If method #1 didn't work, I'm afraid you will have to resort to method #2. After that make sure to backup each code's 16-character secret key and use an app which lets you backup and sync your codes like authy (You can search for more).

Correct me If I'm wrong but I think the codes are stored in your device so google probably won't help??.

[warningsigns]

Next time you should consider using either Authy or 1Password. Both have strong security protocols and both are trusted systems.

Both Authy and 1Password allow you to reinstall their apps and recover accounts previously saved within those apps. With Authy, the process simply involves two steps: download the app and verify by either getting an SMS or a call on the phone number linked to your Authy account. With 1Password, login with your master password and secret key. Done. All passwords and 2FA recovered.

Both work on phones and laptops.

I gave up on Google Auth a year ago after a similar thing happened to my phone. Dropped it and the screen started flickering. I couldn't see the 2FA codes. I then started using Authy but changed to 1Password recently. Authy is very good but I travel a lot and I worry I might not get the verification code by SMS or call while on roaming mode in case I lose or misplace the phone. 1Password is really good. You can save your passwords, private keys and 2FA securely. Their app is often paranoid and will ask for the master password every 2 weeks (this can be switched off or adjusted) or when the phone is rebooted.

[squatter]

Next time you should consider using either Authy or 1Password. Both have strong security protocols and both are trusted systems.

Both Authy and 1Password allow you to reinstall their apps and recover accounts previously saved within those apps. With Authy, the process simply involves two steps: download the app and verify by either getting an SMS or a call on the phone number linked to your Authy account. With 1Password, login with your master password and secret key. Done. All passwords and 2FA recovered.

I'd recommend against 2FA that can be socially engineered through call porting. SMS/cell phone for 2FA is a big no-no these days. Porting attacks are massively on the rise. If a hacker knows your login information, then he'll just need to socially engineer your cell carrier into porting the number.

From a Reddit thread:

BY DEFAULT Authy allows any mobile device with access to the phone number associated to the Authy account to download and access the private keys for that account. IE if you gain access to someones phone through Sprint / Verizon, Authy 2FA by default will do nothing to protect your accounts. If you were to ask me before I checked into this I would have been 100% sure that Authy would require the Master Password for the account to add additional devices. That is definitely not the case. Obviously the hacker would need to crack / know the associated passwords for whatever account they are trying to access but the 2FA in this scenario becomes absolutely useless.

They have since changed the default settings so that multi-device is off by default. But it sounds like a hacker still only needs 24 hours and access to your email and SMS to take over your accounts.

I gave up on Google Auth a year ago after a similar thing happened to my phone. Dropped it and the screen started flickering. I couldn't see the 2FA codes.

Just put the 2FA token on multiple devices and keep a manual copy of the token written down. Problem solved.

[warningsigns]

I'd recommend against 2FA that can be socially engineered through call porting. SMS/cell phone for 2FA is a big no-no these days. Porting attacks are massively on the rise. If a hacker knows your login information, then he'll just need to socially engineer your cell carrier into porting the number.
Just put the 2FA token on multiple devices and keep a manual copy of the token written down. Problem solved.

Thanks for that. I had no idea of such threats until now. But wouldn't it be hard for a hacker to know the entire combination of login credentials (login/password) and also overcome that barrier of porting a number from one phone to another? It's not like this information is advertised (I have a cheap disposable prepaid sim linked to my social media accounts). My Authy sim was uniquely and exclusively for my Authy app.

Porting and sim cloning are not common crimes in the country I live in. Getting a new sim would require a visit to the carrier's store or branch with the same ID or passport used to register the first sim. They take pics of their customers when a sim is purchased here which the carrier's staff see on their computers when a new sim is purchased, making it difficult for impostors to clone sims.

Good to be aware that these risks are still very real and a now thing. Yes, I do take precautions and I would urge others to do so too. Criminals are born every minute and they seem to be evolving and growing at the same rate anti-fraud tools are being developed.

It's all a gamble for these scammers. They can't be 100% sure if all their work will yield anything.

[illyiller]

Porting and sim cloning are not common crimes in the country I live in. Getting a new sim would require a visit to the carrier's store or branch with the same ID or passport used to register the first sim. They take pics of their customers when a sim is purchased here which the carrier's staff see on their computers when a new sim is purchased, making it difficult for impostors to clone sims.

I don't know where you're from. But in the USA, cell providers like Verizon will allow porting over the phone, without much information required. I ported my number in a Sprint store once and they didn't even ask me for ID. After that, I was scared straight.

[jerry0]

What site are you trying to log in with your google authenticator?  I have similar issue.  My old phone which no longer works, i used google authenticator i believe with it on coinbase.  My new phone i use google authentictor with bittrex but i cannot use it with coinbase now.  I log into coinbase and it send me a code to my sms number which i have.  But it still require my google authenticator from my old phone.  That phone is broke and doesn't work anymore.  I emailed coinbase no reply back.


How do i fix this issue then? 

[TryNinja]

What site are you trying to log in with your google authenticator?  I have similar issue.  My old phone which no longer works, i used google authenticator i believe with it on coinbase.  My new phone i use google authentictor with bittrex but i cannot use it with coinbase now.  I log into coinbase and it send me a code to my sms number which i have.  But it still require my google authenticator from my old phone.  That phone is broke and doesn't work anymore.  I emailed coinbase no reply back.


How do i fix this issue then?  

You don't. Why are you using Google Authenticator instead of andOTP which I recommended you to use a few days ago?

Now that your phone broke and you don't have access to your 2FA anymore, you will need to contact Coinbase and wait for a reply. I'm not sure if they are able to reset your 2FA if you provide enought data about you, but you can try (and maybe wait a lot because of their shit support).

With andOTP, a few clicks + a new phone and you would be ok again

[jerry0]

Im using google authenticator on bittrex because that was what i put as my 2FA when i verified my bittrex account.  I did not know about authy.  And if i want to use authy or andOTP... wouldn't i need to email bittrex about this and in the process my account will be frozen?  Because i have funds on bittrex at the moment.  Also i googled andotp... is that an app on the iphone?


My old phone broke.  It was used with coinbase a while back with the 2FA.  But the phone number that i used with coinbase... i still have the same number on my new phone etc.  I do not have the old 2FA code with my old phone written down.  The thing was back then i never even used coinbase much. 


Coinbase did not reply back and i read you should not email them again because it would take longer. thoughts on that?

[TryNinja]

Im using google authenticator on bittrex because that was what i put as my 2FA when i verified my bittrex account.  I did not know about authy.  And if i want to use authy or andOTP... wouldn't i need to email bittrex about this and in the process my account will be frozen?  Because i have funds on bittrex at the moment.

Google Authenticator, Authy, andOTP are all OTP authenticators. You need to understand that ANY OTP authenticator can be used in any website that accepts Google Authenticator. It's not a rule, and just because it's marked as "enable Google Authenticator" DOESN'T mean that you can ONLY USE THIS APP. Google Authenticator uses OTP, and every other app I quoted above does aswell - which means that you can use any of them for your 2FA.

Also i googled andotp... is that an app on the iphone?

I don't think so. In this case, just search for an iOS OTP app that has support for backups.

Coinbase did not reply back and i read you should not email them again because it would take longer. thoughts on that?

Bitcoin popularity is on rise now. Coinbase has tons of new users everyday and they don't have a support good enough to be able answer all the tickets in a reasonable amount of time. Wait and they may answer you. I just can't say when.

[jerry0]

Well i didn't know about authy or the andOTP program.  I never heard of these.  All i knew about was google authenticator so thats why i used it.  And i dont want to change it on bittrex because if i do that, they probably will have to freeze my account. 


Do you think i should send coinbase another email then?  I really dont think they going to respond back.

[jerry0]

How do you remove a phone number you added to authy?  I check and you can only edit it?


I have another issue.  When i click on my account, it shows the phone number i put down which is my google voice number.  The email is one of the emails i have on my phone.  The thing is i have 2 different emails though.  So wouldn't there be a conflict on this?  Because imagine 2 sites like coinbase and gemini.  Both sites i use the same phone number.  But one site email is different from the other.  Wouldn't there be an issue here?  Or would i need to make sure the email for both of them are the same?  I can't imagine that would be the solution right?