How to prevent lost of 2FA key

[Lapinoudead]

Hi,

I'm using Google Authenticator to secure my different crypto accounts. It's on my phone.

I'm thinking about the time I will lose my phone.

What is the things I can do to prevent the lost of my access ? Can I save a key/Qrcode and use it to get back my account ?

Thanks,

[1714795046]

1714795046

[1714795046]

1714795046

[jackg]

You should write down the key if the website advises it.

Some might have alternative recovery methods (for example if you've used kyc with them) but if you haven't you should write down the original secret key they give you (all apps should allow you to export it if they're up to date).

[Lapinoudead]

Okay, I think I've lost my setup key but I still have my phone and access to my codes.

Is-it possible to get back this key, or I must export to a new account ?

[hosseinimr93]

You can back up the google authenticator.

To do so,
    1. Tap on menu button (the 3-dots button) at top of the screen.
    2. Select "transfer accounts".
    3. Select "Export accounts".
    4. Check the accounts you wish to back up and tap on "Next".

After steps above, you will see two QR codes. Keep them in a safe place.
Since your phone won't allow you to get screenshot, you need to take a photo from the screen using another phone.
(It's more safe to use an air-gapped phone for taking the photo and print QR codes.)

[sujonali1819]

what hosseinimr93 has said is right and you should follow it. To be honest only writing on a paper manually or printing the qr code to a physical paper and keep it in safe place on your home or somewhere you feel secure. If you keep it online then it help to user everywhere,  but it could be lost any time if you were a victim of hack. also if you keep the code or photo in your phone memory then key could be lost if you lost your phone.

[mk4]

Not sure how good/bad Google Authenticator is now, but if you're interested in trying something different, you might want to try Aegis Authenticator instead.

Topic: Aegis Authenticator, a decent alternative to Google Authenticator and Authy https://bitcointalk.org/index.php?topic=5192978

[Zilon]

I think writing down your private key and keeping it safe should be one of the measures you should take so as to secure your funds in case you misplace your phone. Although most wallets has kyc verification which could be used to recover your wallet. But in cases of it's unavailability your private key would be your saving factor

[o_e_l_e_o]

Most sites, when you first set up 2FA, show you both a QR code to scan and a long string of alphanumeric characters. These both represent the same thing - the shared secret which you use to generate your 2FA codes and the site in question uses to verify the codes you enter are correct. You should always write down your shared secret on paper and back it up securely, just like you would do with a seed phrase.

Further, you should switch away from Google Authenticator and instead use an open source authenticator app which allows you to export an encrypted database of all your 2FA codes so you never run the risk of losing access to your accounts. Aegis is a good choice, as mentioned above.

[RickDeckard]

Further, you should switch away from Google Authenticator and instead use an open source authenticator app which allows you to export an encrypted database of all your 2FA codes so you never run the risk of losing access to your accounts. Aegis is a good choice, as mentioned above.

I totally agree with this. For many years I've used Google Authenticator, but I'm trying to move away from them as they are too much invasive (I can't seem to leave Gmail and other tools, so I'm trying to leave the ones I can).

I would recommend either Aegis or andOTP. They are basically the same, open source and all, but I do agree that Aegis ends ups having a better looking UI. andOTP is more "basic" but features a lot more of customization, so I guess it's more geared towards the advanced users.

The benefit of both of these apps is that you can keep encrypted backups of your keys. So even if you loose your phone, provided you have those backups, you can simply import them into a new installation of andOTP or Aegis and the programs will automatically implement your keys without the need to have them in a random piece of file/paper.

[zasad@]

After registering with the service, save this image on your computer and encrypt it with VeraCrypt.
https://veracrypt.fr/en/Home.html
Do not use email access and 2FA key on the same phone. If your phone is stolen, you will lose your cryptocurrency.
If you have small amounts, and you will not be upset at the loss, then this rule can be ignored.
Typically, users use multiple phones.

[Quickseller]

Okay, I think I've lost my setup key but I still have my phone and access to my codes.

Is-it possible to get back this key, or I must export to a new account ?

You can disable, and subsequently re-enable 2FA in order to get a new setup key.

First, you use a 2FA code generated by the authenticator app to disable 2FA. Next you enable 2FA on your account, the service will provide a new QR code and new alpha-numeric code that you need to load onto the authenticator app. This will be different than your previous code, and your previous 2FA codes will not work, so be sure to add this to your authenticator app. Before navigating away from the page with the QR code and alpha-numeric code, make multiple backups of this code in case you lose access to your phone.

[Rengga Jati]

First, there is a private code when you are first activating the Google Authenticator. It must be saved because it can be used for backup when you lose your GA.
However if you didn't save it, you can try following the steps in this link, it will really help to backup:

https://blockspot.io/backup-google-authenticator/

There you can find much information about backing up the GA and how if we lost our GA.

There is also a case when we lose our GA and we didn't save the backup code. I think we can contact the supports of the exchanges or platforms. However, not every exchange or platform will help you resolving this matter to reset GA and if there is, the mechanism is commonly complicated and you need certain proof s or documents to prove that the account is exactly yours.

Tat is why backing up the codes and also other private data for accessing GA is very important.

[Bravehash]

Years back google auth has no 2FA backups to gmail account but today they have make this available, you can also choose to write down the 2FA numbers in a safe location but gmail sync is more safer and highly recommended

[Grafen]

Hi,

I'm using Google Authenticator to secure my different crypto accounts. It's on my phone.

I'm thinking about the time I will lose my phone.

What is the things I can do to prevent the lost of my access ? Can I save a key/Qrcode and use it to get back my account ?

Thanks,

Take a pic of each QR or export from app

[dkbit98]

What is the things I can do to prevent the lost of my access ? Can I save a key/Qrcode and use it to get back my account ?

I would recommend replacing Google Authenticator with other open source 2FA apps like Aegis, andOTP that is available even for older Android smartphones with F-Droid, or WinAuth for Windows OS.

You can then scan secret key QR codes with those apps (it would be a good idea to write them on paper also) and import them one by one, and make encrypted backup from settings after that.

[Luzin]

I would recommend replacing Google Authenticator with other open source 2FA apps like

Almost 5 years I have not used GA. I use Authy for the security of my account. I don't know if GA can be duplicated to other phones, but Authy can. You only need to remember the password with your email. I don't know this is a plus or a minus. Maybe if you lose your phone it will be easier to get backups.

[o_e_l_e_o]

I use Authy for the security of my account. I don't know if GA can be duplicated to other phones, but Authy can. You only need to remember the password with your email. I don't know this is a plus or a minus.

I'm afraid it's a minus, and a big one at that, which is why most people no longer recommend it. Authy is no longer open source, and they now back up all your shared secrets, 2FA codes, and other info to their own servers. If someone hacks your email, they can potentially restore your 2FA codes to another device. This means they can use your email to reset your exchange/account password and receive your 2FA code, which negates the entire point of 2FA since both factors can now be accessed by compromising one thing (your email account).

If you lose access to your account, then Authy demand full KYC from you, including copies of photographic ID to restore your access. They also track which codes you access, when you access them, the IP you access them from, and link all that back to to your email address and other personal information they store about you.

There is no reason to use Authy when you can use an open source alternative such as Aegis, perform your own encrypted back up, and maintain your privacy.

See another post I made regarding Authy here:

I was reading from here: https://www.twilio.com/legal/privacy/authy

If we cannot easily confirm that you are the rightful account holder of the Authy account associated with your old number, we will ask you for your phone account information and a copy of physical identification such as a drivers’ license, national ID, or passport, which we then use to confirm your claim to the account. From time to time, if there are other situations where we need to verify that you are the rightful account holder of your Authy account, our support team may require you to provide identity information like a drivers’ license, national ID or passport.

Emphasis mine. More worrying that just for account recovery, they may also lock you out of your 2FA account (and therefore all of your online accounts which use 2FA) and demand KYC "from time to time". How reassuring.

When you use an Authy token to log into an account, whether the token was generated on the app or one sent to you via your phone number, we collect and keep information associated with your login activity including information like your IP address, what application or program you logged in to, that you logged in, and when.

They track your activity across all your accounts, linking that to your email address, phone number, and IP addresses...

Over the last year, we have shared Identifiers and Internet or other electronic network activity information with third parties, as we describe in this section.

...and they share it with third parties.

I don't understand the benefit of this service. It is the equivalent of a web wallet for 2FA: You are letting someone else handle all your codes, have the power to lock you out of your accounts, and invade your privacy, all for something you can do yourself easily, freely, securely, and privately.

[Mr.right85]

You can back up the google authenticator.

To do so,
    1. Tap on menu button (the 3-dots button) at top of the screen.
    2. Select "transfer accounts".
    3. Select "Export accounts".
    4. Check the accounts you wish to back up and tap on "Next".

After steps above, you will see two QR codes. Keep them in a safe place.
Since your phone won't allow you to get screenshot, you need to take a photo from the screen using another phone.
(It's more safe to use an air-gapped phone for taking the photo and print QR codes.)

Ok, thanks for the update,
I just did it & it worked perfectly the exact way you said it, 👌🏾

[sedinvore]

I lost my phone and I have no QR codes or anything. Is there any way to get my 2FA key?

[Pmalek]

I lost my phone and I have no QR codes or anything. Is there any way to get my 2FA key?

Did you use Google Authenticator or some other app? Unless you previously exported your account including the codes for the sites you are trying to recover, there is not much you can do. If you don't have the recovery code for the exchange (I assume you are trying to login to an exchange) all you can do is contact the customer service department of the site and request that they reset your code. Be prepared to go through KYC and waiting days and weeks for them to respond.