What happens to Google Authenticator codes if you lose your phone?
February 24, 2018 11:21 AM

I have googled this and read the explanations—and I am still too dumb to get it (sorry).

Basically I have money invested in Binance and the Authenticator numbers are integral to logging in...but if I lose my phone, can I reinstall Authenticator and generate new numbers? Or did I screw up by not writing down the backup codes when I installed it? The process was honestly a blur and I feel silly now for being in over my head, as far as grasping the 2FA concept goes :/
posted by deern the headlice to Computers & Internet (7 answers total) 3 users marked this as a favorite
 
Best answer: If you lose your phone, you will need a separate (non-Google Authenticator) way of logging in - your backup codes might be the only way, or some other way like email or SMS (depends on the specific site in question). It is possible that the backup codes are the only other way of logging in without Google Authenticator.

If you don't have your backup codes, you should log into the site now (while you still have your phone and Google Authenticator set up), somehow remove the existing Google Authenticator code on the site, and generate a new one and add that to your phone, as well as writing down the backup codes.
posted by meowzilla at 11:32 AM on February 24, 2018 [3 favorites]


Best answer: It looks like Binance has SMS authentication too (where they text you a code). Did you have that enabled? Assuming your phone number is the same, I'd try to log in and see if that option comes up. If you can get into the site, you'll be able to set up Google Authenticator again.

Also, this support page suggests they can verify your identity with a picture including your password. If all else fails I'd submit a ticket at the link with the requested photo explaining your situation.
posted by beyond_pink at 11:37 AM on February 24, 2018


I have changed my phone often enough that I am used to having to rescan the code to reactivate the authenticator on a new phone. It is an easy process if you have access to the Google Account on the web.
posted by AugustWest at 1:03 PM on February 24, 2018


I use Authy as it can be installed on multiple devices, synced via cloud storage and secured by a master password & fingerprint if you need. It supports Binance too, it seems.
posted by punilux at 1:13 PM on February 24, 2018 [3 favorites]


Seconding that it depends on the specific site in question. Most have some sort of alternate way of logging in via a backup code or SMS auth (which has its own problems) or the like, but there isn't a universal solution either.

If you're worried about losing your second factor and you're not sure how you'd recover your account without it, I'd recommend picking a very secure password/passphrase (like a Diceware passphrase, or a long randomly generated password kept in a password manager) and disable 2FA on the account until you are sure you have some sort of backup plan in place.
posted by Aleyn at 2:50 PM on February 24, 2018


g.co/2sv
posted by tiburon at 3:26 PM on February 24, 2018


As others mentioned, you should keep the backup codes around just to log in. If you lose the phone, you anyway should remove all the old second factors and create new ones.

I also keep the initial secret for every site using 2-factor in the KeePass db entry for that site (it is generally a long string of plaintext characters).

For example, Google's secret looks like:
abd3 k5cd ... (8 blocks of 4 characters each).

When I move to a new phone, I set up the new authenticator using the initial secrets (most apps I have used support both QR-code as well as manual secret entry).

If the new device has proper time and you enter the correct initial secret, the 2-factor codes should be in step with those generated by the old app.

But this does not help for existing logins since that secret string is not displayed later. It is only available once at setup (probably, there is some other way to extract it).

Building on what punilux suggests, KeePass supports 2-factor generation using a plugin. So, you get Authy-like functionality via the KeePass database, which can be synchronized across devices. But I think maintaining the time correctly on the device where KeePass is being used is important. Authy may not have such issues.
posted by dvr at 2:26 AM on February 25, 2018
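
The behaviour described in the answer above (same initial secret plus a correct clock gives the same codes on any device) follows from how TOTP (RFC 6238) derives a code. This is an added example, not part of the original thread: it assumes the common defaults of HMAC-SHA1, 30-second steps and 6 digits, and the secret is the RFC 6238 test key written as 8 blocks of 4 characters, not a real account secret. The `verify` helper is a hypothetical server-side check showing why small clock drift is tolerated and large drift is not.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890",
# laid out the way setup screens show it (8 blocks of 4 characters).
SAMPLE_SECRET = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def normalize_secret(secret: str) -> bytes:
    """Decode a setup key typed by hand: spaces, dashes and case are ignored."""
    cleaned = secret.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding that sites strip
    return base64.b32decode(cleaned)


def totp(secret: str, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """Code = truncated HMAC-SHA1(secret, number of 30 s steps since epoch)."""
    counter = int(unix_time) // step
    mac = hmac.new(normalize_secret(secret), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: str, code: str, server_time: float,
           window: int = 1, step: int = 30) -> bool:
    """Hypothetical server check: accept codes within +/- `window` steps."""
    return any(
        hmac.compare_digest(totp(secret, server_time + i * step, step), code)
        for i in range(-window, window + 1)
    )


if __name__ == "__main__":
    now = 1111111109  # fixed timestamp so the output is reproducible
    old_phone = totp(SAMPLE_SECRET, now)
    new_phone = totp("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", now)  # same key, retyped
    print("old phone:", old_phone, "new phone:", new_phone)
    # Two seconds later the 30-second step has rolled over: the code changes,
    # but a server that allows one step of drift still accepts the old one.
    print("next step:", totp(SAMPLE_SECRET, now + 2))
    print("accepted with drift window:", verify(SAMPLE_SECRET, old_phone, now + 2))
    print("accepted with no window:   ",
          verify(SAMPLE_SECRET, old_phone, now + 2, window=0))
```

Nothing device-specific enters the calculation, which is also why anyone holding the stored secret can generate valid codes; a saved copy needs the same protection as the password itself.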

