Stupidly reinstalled Google Authenticator and lost 2Fa

[indrossi]

Hi all,

I had to factory reset my phone yesterday and upon reinstalling everything from back up, have my lost 2FA keys.  I can still log in to my Electrum wallet as I have the password (and seed key) but as far as I can see, I can't send anything without the 2FA. Is there a fix or workaround for this?

Many thanks.

[OmegaStarScream]

You can restore your wallet using the seed, just make sure to select "Wallet with two factor authentication" when choosing the wallet type.

[HCP]

You have a couple of options:

If you want to keep 2FA:

Option 1. Setup a NEW 2FA wallet, restore your "old" wallet with the seed, then send from the restored one to the new one

or

Option 2. Contact TrustedCoin from the email address you originally used to create/register the 2FA wallet and ask them to reset it


if you don't care about 2FA:

Restore your wallet from seed and you'll be able to send without 2FA. (In this scenario, I'd also recommend creating a new "standard" wallet and shifting the funds to the new "standard" wallet... it'll help avoid complications with dealing with what is effectively a 2-of-3 multisig... ie. not being able to sign messages etc)

[indrossi]

Thank you both, for the quick and clear replies.

This has now been resolved and the funds secured to a new wallet. Thank you again.

[NeuroticFish]

And next time you install a 2FA app consider using one that allows you back up your data like Aegis and such. 
https://bitcointalk.org/index.php?topic=5192978.0

[Husna QA]

And next time you install a 2FA app consider using one that allows you back up your data like Aegis and such. 
https://bitcointalk.org/index.php?topic=5192978.0

Google Authenticator on the April 30, 2020 update has added a backup and restore feature and other features.
For additional features, it seems Aegis has an advantage, especially in the lock feature to open applications.

[HCP]

Google Authenticator on the April 30, 2020 update has added a backup and restore feature and other features.

Not quite...

WHAT’S NEW

* Adds experimental Security Key (FIDO U2F) support to Chrome
* Authenticator’s app preferences will be enabled for backup and restore

So, it only remembers your preferences... it still doesn't backup the keys

They have added a "transfer via QR code" feature which makes it easier to migrate to a new device, but there is still no proper backup facility within the app.

[Husna QA]

-snip-

-snip- but there is still no proper backup facility within the app.

Yes, I think so, too. The Google Authenticator back-up and recovery in the form of export/import account with other devices.
It is not a JSON file like in other authenticator applications (e.g., Aegis). Users still have many choices to choose apps that are comfortable to use with more complete features.

[o_e_l_e_o]

So it just exports a plain QR code image? That's really bad for security, especially as I imagine the vast majority of people are just going to save the QR code to their computer as opposed to printing it out. That would be like your password manager exporting all your passwords in plain text, and you saving them all in a text document on your computer. Good 2FA apps (like Aegis mentioned above) let you export to an encrypted file.

Do people not write down their 2FA back up codes whenever they add a new site or service? Every service, website, wallet, etc., which links with a 2FA app should give you the option of viewing the shared secret as a long alphanumeric string as opposed to a QR code (and if it doesn't, the alphanumeric string can be extracted from the QR code). Some apps will even let you view the alphanumeric string for already paired accounts. Write these down on paper and store them securely like you would with a seed phrase, and you never need to worry about your phone being lost or stolen.

[HCP]

So it just exports a plain QR code image? That's really bad for security, especially as I imagine the vast majority of people are just going to save the QR code to their computer as opposed to printing it out. That would be like your password manager exporting all your passwords in plain text, and you saving them all in a text document on your computer. Good 2FA apps (like Aegis mentioned above) let you export to an encrypted file.

I don't believe that it is meant for creating a meaningful backup per se... if you follow the wording of the workflow, the point of the QR codes that it is generating, is to allow you to migrate to a new device... That is to say:

1. Install GoogleAuth on new device
2. Create QR code on old device
3. Scan QR code using GoogleAuth on new device

et voila, 2FA accounts transferred to new device.

You're not supposed to generate the QR code and then actually store that QR code somehow... although, you could certainly try and abuse the functionality. However, there is no option to "save" the QR code and screenshot functionality is disabled within the GoogleAuth app... although you could use a camera to take a picture of it I guess.

[o_e_l_e_o]

I don't believe that it is meant for creating a meaningful backup per se... if you follow the wording of the workflow, the point of the QR codes that it is generating, is to allow you to migrate to a new device.

Yeah, you are right, but in the absence of an actual back up feature, then I would imagine at least some users are going to try to back up by saving these QR codes, either by taking a photo with another device as you say, or by overriding the screenshot restriction. All in all, the whole situation is entirely unsatisfactory. No reason to be left without back ups of your 2FA when there are other much better apps out there.

Does Google Authenticator at least let you view the shared secret for each site, so you can write the code down for each site if you didn't do it when you first set it up?

The following free and open source authenticator apps both allow encrypted back ups:

https://github.com/andOTP/andOTP
https://github.com/beemdevelopment/Aegis

[Pmalek]

Does Google Authenticator at least let you view the shared secret for each site, so you can write the code down for each site if you didn't do it when you first set it up?

No, I don't think that is possible. I have never seen an option like that. There doesn't seem to be any advanced options. All you can do is change the name of the site that is displayed withing the app and delete the code.

Writing down the recovery code is a fundamental part of the whole process and it shouldn't be skipped. It's the same as not writing down the your seed and than complaining when things go south. Too many people mess it up unfortunately.