An extra layer of security - Back up your 2FA

[Gloverwrt]

2FA is a measure that serves as an extra layer of security, it requires users to provide added information after the password before gaining access to an account.
There is SMS authentication,
EMAIL authentication, and the most commonly used, google authenticator.

Google authenticator is a security app which is linked to an account using a special code which can be typed or scanned, and it generates 6 digit keys which change every few minutes and without them no one can access the account being protected.
Multiple accounts can be protected using one google authenticator app and there is no way any unauthorized user can get access to the account.

This also means if the true owner for some reason or unforeseen circumstances lost the device where the Google authenticate is installed, even they will not be able to access their personal accounts.

That's why it is advisable to always back up your 2FA by saving the code used to enable it, and hence allow it to be enabled on another device.
If you didn't back up, there's no way of getting the code after it has been enabled.
The best option is to disable 2FA, and then request for another code to enable it (every new code is unique) then you can safely back up your 2FA and have your account fully protected.

[1714045334]

1714045334

[1714045334]

1714045334

[1714045334]

1714045334

[dockerps-a]

I think even safer is to have 2FA for the same account on two different encrypted devices, stored in different uncorrelated locations.

And even safer is to remember to backup codes. It's not actually hard at all if you use basic pegging mnemonics.

[DdmrDdmr]

<…>

Actually, the point of backing-up the security codes for the 2FA cannot be stressed enough. Recently I’ve come across a couple of cases that had either lost their phone or had it stolen, which in turn were not able to locate their backup codes for Google Authenticator. This can be a real hassle when you need to get the 2FA removed from your accounts that were protected by it.

Specifically, I recall a recent case of a user that is having a hell of a time trying to deactivate 2FA on his Hitbtc after having is phone stolen. The exchange requires you to prove you’re your identity (which it obviously should), but submitting not only your identity card/passport and a photo with a text they tell you to write, but also they demand the date the account was created on, where the first deposit was made from, the crypto you have on the exchange, the TX hashes involved, etc. I’ve seen cases such as this still stuck on support after two months.

Authy (a 2FA product) in my opinion is a better solution than Google Authenticator, since it creates an encrypted cloud backup of your 2FA protection data and allows you to have it installed on multiple devices sharing the same information.

[efrenbilantok]

2FA is really important to get some extra hard security to your accounts especially with your exchange accounts sites which you have you funds. As the person above said, google authenticator might be hassle if you lost or break your phone, so i might try the Authy as well is seems to be a good one.

[Marcel666]

Thus would be a very timely intervention if adopted.
The stress associated with disabling 2FA when you as the account owner losses access to your device is much, as it should be, as the platform has to protect the rights and privacy of users.
Backing up takes no time at all, compared to recovering lost accounts.

[dothebeats]

Came to a point wherein I accidentally re-formatted my phone out of frustration without thinking that I have my Google Authenticator activated for an exchange. It was a real hassle considering that Google don't back up any sort of fail-safe once the Authenticator is removed, so you have to go through a lot of various, time-consuming steps just to regain access to your account. I'd rather choose Authy for my accounts that need 2FA since you have an encrypted backup somewhere which you can access if your device gets lost, formatted etc.

2FA is an extra layer of security but you also need to be extra careful on not deleting it/losing your device if the service/app you're using doesn't support a backup of some sort for your 2FA codes.

[LTU_btc]

It's quite common thing that people are using Google 2FA without having backup codes of it. And if they loose or break their phone, then they have serious problems and big headache if they loose something valuable. So, it's very important to backup your 2FA recovery code and keep it in safe place, same like your private keys and restore seed.
And also, people shouldn't use SMS 2FA if it's possible - this type of verification isn't very secure and have security holes. But on the other hand, it's better than no 2FA.

[DR_Vladislav]

<…>

Actually, the point of backing-up the security codes for the 2FA cannot be stressed enough. Recently I’ve come across a couple of cases that had either lost their phone or had it stolen, which in turn were not able to locate their backup codes for Google Authenticator. This can be a real hassle when you need to get the 2FA removed from your accounts that were protected by it.

Specifically, I recall a recent case of a user that is having a hell of a time trying to deactivate 2FA on his Hitbtc after having is phone stolen. The exchange requires you to prove you’re your identity (which it obviously should), but submitting not only your identity card/passport and a photo with a text they tell you to write, but also they demand the date the account was created on, where the first deposit was made from, the crypto you have on the exchange, the TX hashes involved, etc. I’ve seen cases such as this still stuck on support after two months.

Authy (a 2FA product) in my opinion is a better solution than Google Authenticator, since it creates an encrypted cloud backup of your 2FA protection data and allows you to have it installed on multiple devices sharing the same information.

It is good to have the history of deposit and withdrew of your accounts saved in a file as well. So you can provide any information needed

[MishaSER]

I never thought about this question, but I did not see the answer. How are Google Authenticator backups made?

[nakamura12]

I never thought about this question, but I did not see the answer. How are Google Authenticator backups made?

When you're talking about google authenticator the process of backing up the secret key is manually made by the owner of the account. Since google authenticator doesn't have back up feature so you would back up the secret key yourself. I have back ups myself saved in a notepad to use it later on when I use another device.

[DdmrDdmr]

I never thought about this question, but I did not see the answer. How are Google Authenticator backups made?

I don’t think that there is a way to go about it if you haven´t written the backup codes at the moment of registration. I mean you can go to each site that you’ve already got on the are Google Authenticator, disable 2FA and add it again (with care). This should give you backup codes on a site by site basis (originated on the site itself, not Google Authenticator), although in the past I found some to be a pain since they were buggy and simply disabling and re-enabling has issues on some sites protected by 2FA.

Authy is much more seamless with the backups. To try it out, I installed Authy on another device (preserving my first device), and giving my credential I reinstalled all my active 2FA account tokens on the other device from the cloud backup. I now have the same set of tokens operative on two devices. Try that with Google Authenticator.

[MishaSER]

I never thought about this question, but I did not see the answer. How are Google Authenticator backups made?

I don’t think that there is a way to go about it if you haven´t written the backup codes at the moment of registration. I mean you can go to each site that you’ve already got on the are Google Authenticator, disable 2FA and add it again (with care). This should give you backup codes on a site by site basis (originated on the site itself, not Google Authenticator), although in the past I found some to be a pain since they were buggy and simply disabling and re-enabling has issues on some sites protected by 2FA.

Authy is much more seamless with the backups. To try it out, I installed Authy on another device (preserving my first device), and giving my credential I reinstalled all my active 2FA account tokens on the other device from the cloud backup. I now have the same set of tokens operative on two devices. Try that with Google Authenticator.

Thank you very much for the detailed response, of course this is important. I have a lot of accounts connected to 2FA, the whole process will take 1-2 hours, but I will do it.

[Scoobers]

I had to reset my phone to factory settings and lost all my codes. I only had the backup code for one of them. I managed to get 2FA disabled on some accounts after answering a heap of questions, others I can no longer access.

Always make a note of backup codes where available. If you need to delete the authenticator app or reset your phone, disable 2FA on all your accounts first (you will need the app to do this).