Having issues with 2FA and cannot log into Bittrex account

[Spacedouter1]

Hi all,

I am looking for some advice. When I log into my Bittrex account I can only get as far as the main first log in screen. However when I try to input my 2FA authenticator code, I keep getting the following message: "two factor authenticator code you sepcificed is incorrect. please check the clock on your authenticator device to verify it is in sync"

I have the google authenticator installed on my mobile, however i keep getting this message up.

Has this happened to anyone else and if so, what can i do to resolve this issue?

Many thanks,

S

I have the back up keys. Could i enter my information this way?

[Potato Chips]

It could be a sync problem. In your google authenticator, go to settings -> Time correction for codes -> Sync now.

If that fails, you can try to import your secret key in another authenticator app. Might as well use a better one with backup feature, encryption, local storage etc... like Aegis.

If that doesn't solve it either, contact their support to disable your 2fa for you.

[Spacedouter1]

It could be a sync problem. In your google authenticator, go to settings -> Time correction for codes -> Sync now.

If that fails, you can try to import your secret key in another authenticator app. Might as well use a better one with backup feature, encryption, local storage etc... like Aegis.

If that doesn't solve it either, contact their support to disable your 2fa for you.

Thank you so much for your help with this. I will try the Aegis authenticator and hopefully this should resolve the issue.

I will post again to let you know how i get on! Very much appreciated.

S 

[Charles-Tim]

Thank you so much for your help with this. I will try the Aegis authenticator and hopefully this should resolve the issue.

This issue is not about you changing authenticator app, it is about you making sure the time on your device is correct. Try go to your device setting and check if possible the time can be set automatic rather than manual if set to manual, then change it to automatic.

About using Aegies, it is far better than google 2FA, but also I can recommend you andOTP which is also good with password/pin protection rather than google 2Fa which you can not enable password/pin, also both are open source unlike Google 2FA that is completely close source which is the obvious reason you should not use it.

If that doesn't solve it either, contact their support to disable your 2fa for you.

If the time is correct, it will perfectly work. Also if no kyc has been done on such platform, the customer care may due to no kyc reason not disable the 2FA. It is getting disabled for people that have verified accounts, or at least email verification, even more verification in many cases.

[Spacedouter1]

Hi again

I must point out that i don't have my original phone i set my this up on.  It is broken and the screen is unreadable. I DO have the secret codes though thankfully.  I am struggling with how i can use these to help me log in though. 

[Charles-Tim]

Hi again

I must point out that i don't have my original phone i set my this up on.  It is broken and the screen is unreadable. I DO have the secret codes though thankfully.  I am struggling with how i can use these to help me log in though. 

I will advice you to download Aegies, setup password instead of using finger print (biometry). After the setup, you will see a red button at the lower right side with plus sign in it, click on it, press on 'enter manually' if you have the secret code that you generated from the Bittrex exchange account, then input the secret code, this should work, making it TOTP that will be changing every 30 seconds will be perfect.

[o_e_l_e_o]

I DO have the secret codes though thankfully.

Which secret codes are you referring to here?

Google generates up to 10 back up codes for your account. These will each be 8 digits long. If you lose access to your 2FA, you can use these codes to log in to your Google account only. These codes will not help you recover access to anything other than your Google account.

If you are talking about the secret code Bittrex generated for you when you first set up your 2FA on Bittrex, then it should be a 16 character alphanumeric code. If this what you have, then on Aegis hit the add button at the bottom right, select "Enter manually", under "Name" type "Bittrex" and under "Secret" enter you 16 character code. Leave the rest of the options as they are and see if that works.

I can't seem to find any details on a quick search as to whether Bittrex does use SHA1 for their 2FA codes, so if the above process doesn't work, then try again but this time select SHA256 or SHA512.

[Charles-Tim]

<...>

I may not be totally correct about this because I am using Android phone for it, not computer. I am using Android device, I have both google authenticator and Aegis for testing. The only backup I saw on google authenticator is a QR code which is able to link all the secret codes generated from different sites authentication codes in such a way a single QR code export is needed. On google 2FA, I clicked on 'transfer account's, then I clicked on 'export accounts', inputted my device password, and select on the accounts I wanted to export or backup, I clicked on next and it generated a single QR code, I imported it on Aegis and it was successful, three sites 2FA codes were successfully imported into Aegies at ones. Although, I am using phone for this, it can be different on computer.

The question is how can I get the secret code back up, it was QR code google authenticator is displaying for export which can also be used as backup. Also, I am confused as you said the secret code can not working on other 2FA apps, while the QR code for export which can also be used as backup is working.
Although, I am not implying QR code backup is recommended, the use of secret code is recommended for safety reasons.

[hosseinimr93]

Also, I am confused as you said the secret code can not working on other 2FA apps, while the QR code for export which can also be used as backup is working.

I don't think o_e_l_e_o was talking about that QR code.
He was probably referring to google account backup codes which can be used only for recovering the google account.

[o_e_l_e_o]

Yeah, I was talking about the Google account recovery codes as opposed to the Google Authenticator back up code. I actually wasn't aware that that you could export multiple accounts as a single QR code from Google in a way that was compatible with other 2FA apps such as Aegis.

The question is how can I get the secret code back up

The site you set up the 2FA on should show you an alphanumeric code which you should write down on paper, in addition to the QR code you scan with your phone. On Aegis you can extract this code by choosing to edit an entry, then clicking on advanced and displaying the code.