Google 2 A Authentication

[Night Owl]

Sorry in advance if this question has been asked before, I can't find it.


I am new to BTC, there is a lot of good info here but will take time I see to learn it all.

My question is: what happens if i loose my mobile with my 2 A Authentication on it? How do I log back in to the exchange? Will I have to email them and jumb through lots of questions? Would it be easy to set up again on new phone?
I have not lost it but was just wondering as no exchanges seem to give a secret backup code.

Also if you use a online wallet and I want to use it while away from my computer, that means I need two phones, one to log on and the other to get my Authentication code. Who walks around with two phones, unless one is a work one which I would not want to use.

Thanks in advance.

[Lucky Cris]

Looks to me that it's 2FA you know nothing about.

[ForgottenPassword]

Sorry in advance if this question has been asked before, I can't find it.


I am new to BTC, there is a lot of good info here but will take time I see to learn it all.

My question is: what happens if i loose my mobile with my 2 A Authentication on it? How do I log back in to the exchange? Will I have to email them and jumb through lots of questions? Would it be easy to set up again on new phone?
I have not lost it but was just wondering as no exchanges seem to give a secret backup code.

Also if you use a online wallet and I want to use it while away from my computer, that means I need two phones, one to log on and the other to get my Authentication code. Who walks around with two phones, unless one is a work one which I would not want to use.

Thanks in advance.

I recommend that you take a photo of the QR code when setting up 2FA and keep it safe. If you lose your phone you can use it to get back into your account without having to deal with the website. Some websites don't have proper procedure in place to deal with lost 2FA devices. There is no "standard" way to do it, each website has it's own procedure to deal with it and it might be difficult to get back in.

[virtualx]

2FA Authentication is not related to Bitcoin, but a security setting of an online exchange: you can use bitcoin outside of exchanges (in desktop wallets or paper wallets) which do not require it.

If you lose your mobile, you would need to contact the exchange admins and in some way prove it's you. As long as you don't get a reply from them your money is stuck there. You need a private key to move the money, but usually exchanges don't give you your private key. They will only show the public key. Thus in this situation you need either to prove it's you, probably by sending a lot of personal information, or to find your phone again.

That's one of the major differences between using a desktop wallet and an online exchange.

[Night Owl]

Sorry in advance if this question has been asked before, I can't find it.


I am new to BTC, there is a lot of good info here but will take time I see to learn it all.

My question is: what happens if i loose my mobile with my 2 A Authentication on it? How do I log back in to the exchange? Will I have to email them and jumb through lots of questions? Would it be easy to set up again on new phone?
I have not lost it but was just wondering as no exchanges seem to give a secret backup code.

Also if you use a online wallet and I want to use it while away from my computer, that means I need two phones, one to log on and the other to get my Authentication code. Who walks around with two phones, unless one is a work one which I would not want to use.

Thanks in advance.

I recommend that you take a photo of the QR code when setting up 2FA and keep it safe. If you lose your phone you can use it to get back into your account without having to deal with the website. Some websites don't have proper procedure in place to deal with lost 2FA devices. There is no "standard" way to do it, each website has it's own procedure to deal with it and it might be difficult to get back in.

Well not wanting to look stupid; Oops to late

How would you use a photo to get back into the exchange?

[Night Owl]

2FA Authentication is not related to Bitcoin, but a security setting of an online exchange: you can use bitcoin outside of exchanges (in desktop wallets or paper wallets) which do not require it.

If you lose your mobile, you would need to contact the exchange admins and in some way prove it's you. As long as you don't get a reply from them your money is stuck there. You need a private key to move the money, but usually exchanges don't give you your private key. They will only show the public key. Thus in this situation you need either to prove it's you, probably by sending a lot of personal information, or to find your phone again.

That's one of the major differences between using a desktop wallet and an online exchange.

I want to also set up an account with Coin Jelly a online BTC wallet, where they guarantee every acc up to 20 BTC. They also use 2FA

[Night Owl]

Looks to me that it's 2FA you know nothing about.

Wow that was helpful, tell me something I don't know

[ForgottenPassword]

Well not wanting to look stupid; Oops to late

How would you use a photo to get back into the exchange?

When you enable 2FA they ask you to scan a QR code with your phone.

Before you scan it take a picture of the QR code and store it on something other than your phone, like a memory stick and keep it safe (if someone gets it they can login to your account without your phone).

If you lose your phone, you can use another phone to scan the QR code in the picture and you'll have 2FA for that account on that phone. Enter the code to login as normal. Additionally there is software you can download on your computer that can read it if you don't have a phone to do it with.

[Lucky Cris]

Looks to me that it's 2FA you know nothing about.

Wow that was helpful, tell me something I don't know

You know... my response had absolutely nothing to do with you or your question - that's my problem. I was where you are before, so I know better. So let's try this again....

Personally I prefer emailed, SMS, or phone call 2FA, but that's only because I'm not familiar with the QR code method. Okay I confess, I prefer to carry a clam shell phone, but I do have my iPad mini but still. If push comes to shove, one would think you'd be able to request that the exchange send the coins back to the originating address. In that situation, it's less likely that you're a person attempting to gain access to someone else's exchange account. It probably won't work, but a shot nonetheless.

[Night Owl]

Well not wanting to look stupid; Oops to late

How would you use a photo to get back into the exchange?

When you enable 2FA they ask you to scan a QR code with your phone.

Before you scan it take a picture of the QR code and store it on something other than your phone, like a memory stick and keep it safe (if someone gets it they can login to your account without your phone).

If you lose your phone, you can use another phone to scan the QR code in the picture and you'll have 2FA for that account on that phone. Enter the code to login as normal. Additionally there is software you can download on your computer that can read it if you don't have a phone to do it with.

Thank you kind Sir, that is helpful.

[Night Owl]

Looks to me that it's 2FA you know nothing about.

Wow that was helpful, tell me something I don't know

You know... my response had absolutely nothing to do with you or your question - that's my problem. I was where you are before, so I know better. So let's try this again....

Personally I prefer emailed, SMS, or phone call 2FA, but that's only because I'm not familiar with the QR code method. Okay I confess, I prefer to carry a clam shell phone, but I do have my iPad mini but still. If push comes to shove, one would think you'd be able to request that the exchange send the coins back to the originating address. In that situation, it's less likely that you're a person attempting to gain access to someone else's exchange account. It probably won't work, but a shot nonetheless.

Many thanks for the reply, that would be a fair request to have it returned to sending address.
About 18 months ago my iPhone crashed on me and had to be replaced. I hope it doesn't happen to my new one.

Seems to me no system is perfect.

[Night Owl]

I wonder if it would work to have it set up on a phone and iPad at the same time, would the 30 seconds code sequence be the same?
I would take the security risk as I use strong passwords that are kept off line.


Shit damn I have to wait for 360 seconds between posts.  I don't have a stutter 

[Lucky Cris]

Looks to me that it's 2FA you know nothing about.

Wow that was helpful, tell me something I don't know

You know... my response had absolutely nothing to do with you or your question - that's my problem. I was where you are before, so I know better. So let's try this again....

Personally I prefer emailed, SMS, or phone call 2FA, but that's only because I'm not familiar with the QR code method. Okay I confess, I prefer to carry a clam shell phone, but I do have my iPad mini but still. If push comes to shove, one would think you'd be able to request that the exchange send the coins back to the originating address. In that situation, it's less likely that you're a person attempting to gain access to someone else's exchange account. It probably won't work, but a shot nonetheless.

Many thanks for the reply, that would be a fair request to have it returned to sending address.
About 18 months ago my iPhone crashed on me and had to be replaced. I hope it doesn't happen to my new one.

Seems to me no system is perfect.

well, I feel better that you accepted my apology (yeah, that was my sorry ass version, lol), but at least you own an iTrash device... this coming from someone who owns many iDevices btw. If you worry about data your phone again... take a screenshot of your QR code (press home & power button together), then back that shit up to iCloud.

[Lucky Cris]

I wonder if it would work to have it set up on a phone and iPad at the same time, would the 30 seconds code sequence be the same?
I would take the security risk as I use strong passwords that are kept off line.

Shit damn I have to wait for 360 seconds between posts.  I don't have a stutter 

Nope, they'll be different.

[ForgottenPassword]

Personally I prefer emailed, SMS, or phone call 2FA, but that's only because I'm not familiar with the QR code method.

What if your email account was hacked? SMS/phone call also isn't the most secure way to do it. Phone company can see those, greedy employee's or hackers who've hacked your phone company can get them.

In simple, the QR code method works like this. The website generates a big long random string of letters. They make it into a QR code so you don't have to type it in. You scan it, your phone saves the random letters.

When you open the app on your phone, your phone gets the current date and time and the random string and hashes it. Hashing it basically jumbles it up in a way that can't be easily reversed back, the end result is a six digit code.

You enter that in the website, and the website uses the same random string that they gave you before and the current date + time and does the same thing, hashes it. It should calculate the same six digit code. If the code you gave them matches the same one they calculated it'll let you in, if they don't it won't.

This way is MUCH more secure than SMS/email. You do not need internet access on your phone to do this, all your phone needs is the random letters and the right time (has to be almost to the second accurate or else you'll have a different code to the one the website generates). Someone wanting to hack your account needs the random letters and they are long and random, it'll take a LONG LONG time to guess them like a bitcoin private key. And if someone uses your phone and writes down the six digit code, it'll only be valid for 30 or so seconds.

I wonder if it would work to have it set up on a phone and iPad at the same time, would the 30 seconds code sequence be the same?
I would take the security risk as I use strong passwords that are kept off line.

Lucky Cris was wrong. This will work fine so long as both iPad and phone have the exact right time set. Try it out, I do something similar.

[Night Owl]

Looks to me that it's 2FA you know nothing about.

Wow that was helpful, tell me something I don't know

You know... my response had absolutely nothing to do with you or your question - that's my problem. I was where you are before, so I know better. So let's try this again....

Personally I prefer emailed, SMS, or phone call 2FA, but that's only because I'm not familiar with the QR code method. Okay I confess, I prefer to carry a clam shell phone, but I do have my iPad mini but still. If push comes to shove, one would think you'd be able to request that the exchange send the coins back to the originating address. In that situation, it's less likely that you're a person attempting to gain access to someone else's exchange account. It probably won't work, but a shot nonetheless.

Many thanks for the reply, that would be a fair request to have it returned to sending address.
About 18 months ago my iPhone crashed on me and had to be replaced. I hope it doesn't happen to my new one.

Seems to me no system is perfect.

well, I feel better that you accepted my apology (yeah, that was my sorry ass version, lol), but at least you own an iTrash device... this coming from someone who owns many iDevices btw. If you worry about data your phone again... take a screenshot of your QR code (press home & power button together), then back that shit up to iCloud.

No apology needed, Lucky thanks for the reply, backup to iCloud you say, shit I ran out of my free space long ago. Might have to revalue ate that choice

[Night Owl]

Personally I prefer emailed, SMS, or phone call 2FA, but that's only because I'm not familiar with the QR code method.

What if your email account was hacked? SMS/phone call also isn't the most secure way to do it. Phone company can see those, greedy employee's or hackers who've hacked your phone company can get them.

In simple, the QR code method works like this. The website generates a big long random string of letters. They make it into a QR code so you don't have to type it in. You scan it, your phone saves the random letters.

When you open the app on your phone, your phone gets the current date and time and the random string and hashes it. Hashing it basically jumbles it up in a way that can't be easily reversed back, the end result is a six digit code.

You enter that in the website, and the website uses the same random string that they gave you before and the current date + time and does the same thing, hashes it. It should calculate the same six digit code. If the code you gave them matches the same one they calculated it'll let you in, if they don't it won't.

This way is MUCH more secure than SMS/email. You do not need internet access on your phone to do this, all your phone needs is the random letters and the right time (has to be almost to the second accurate or else you'll have a different code to the one the website generates). Someone wanting to hack your account needs the random letters and they are long and random, it'll take a LONG LONG time to guess them like a bitcoin private key. And if someone uses your phone and writes down the six digit code, it'll only be valid for 30 or so seconds.

I wonder if it would work to have it set up on a phone and iPad at the same time, would the 30 seconds code sequence be the same?
I would take the security risk as I use strong passwords that are kept off line.

Lucky Cris was wrong. This will work fine so long as both iPad and phone have the exact right time set. Try it out, I do something similar.

Wow, if you are right  Forgotten, that would put my mind at rest knowing I at least have a backup without all the hassle, like I said I use strong passwords so would be willing to take the risk.

Oops idiot moment again, I take it both devices will keep ( stay in exact time )  considering that I move around with my mobile

[Lucky Cris]

Personally I prefer emailed, SMS, or phone call 2FA, but that's only because I'm not familiar with the QR code method.

What if your email account was hacked? SMS/phone call also isn't the most secure way to do it. Phone company can see those, greedy employee's or hackers who've hacked your phone company can get them.

In simple, the QR code method works like this. The website generates a big long random string of letters. They make it into a QR code so you don't have to type it in. You scan it, your phone saves the random letters.

When you open the app on your phone, your phone gets the current date and time and the random string and hashes it. Hashing it basically jumbles it up in a way that can't be easily reversed back, the end result is a six digit code.

You enter that in the website, and the website uses the same random string that they gave you before and the current date + time and does the same thing, hashes it. It should calculate the same six digit code. If the code you gave them matches the same one they calculated it'll let you in, if they don't it won't.

This way is MUCH more secure than SMS/email. You do not need internet access on your phone to do this, all your phone needs is the random letters and the right time (has to be almost to the second accurate or else you'll have a different code). Someone wanting to hack your account needs the random letters and they are long and random, it'll take a LONG LONG time to guess them like a bitcoin private key.

I wonder if it would work to have it set up on a phone and iPad at the same time, would the 30 seconds code sequence be the same?
I would take the security risk as I use strong passwords that are kept off line.

The other guy was wrong. This will work fine so long as both iPad and phone have the exact same time set.

I'm not saying it's the most secure way, no. Nothing is the most secure. However, a hacker would need to know both my password and have access to my cell, iPad and/or email to access the accounts I use 2FA for. I never use any type of auto log on feature like what I think you're describing? I know how the random code generator works for 2FA - I use it on my iPad, but it's conjunction with my account password (if that makes sense). But isn't that method tied to a specific device anyway? Again I don't use QR codes so my 2FA apps are always tied to my device... IDK...maybe it seems that the a new QR code should be generated for each log in?  I'd feel much 'safer' with a random QR codes for each log in. What if I'm sitting at work (I'd never do this), and have the QR code on my screen - with the cameras on today's code, someone 10 feet behind could take a pic of screen and capture my code. That's a little extreme, but what if I lose my phone with the QR pic saved as a pic? Rhetorical question of course.

[ForgottenPassword]

Wow, if you are right  Forgotten, that would put my mind at rest knowing I at least have a backup without all the hassle, like I said I use strong passwords so would be willing to take the risk.

Oops idiot moment again, I take it both devices will keep ( stay in exact time )  considering that I move around with my mobile

Yes, you may need to do this on both devices:

    Go to the main menu on the Google Authenticator app
    Click Settings
    Click Time correction for codes
    Click Sync now

[Lucky Cris]

Wow, if you are right  Forgotten, that would put my mind at rest knowing I at least have a backup without all the hassle, like I said I use strong passwords so would be willing to take the risk.

Oops idiot moment again, I take it both devices will keep ( stay in exact time )  considering that I move around with my mobile

You might want to confirm that... it's possible it could be device based. When I carried an iPhone and iPad - I could hit the 'generate' button at the same time and both would generate a different code. Again - I don't use QR codes so it could work totally different... but with non QR code token generating apps (that's what they are - I use iToken now) after entering my password for the site, I just have to add the code provided by iToken.