What Happens If I Use Two-Factor Authentication and Lose My Phone?


Loading...

Two-factor authentication is an essential security measure that uses your phone to help prevent unauthorized access to your account. It makes it harder to access your account if you lose your phone, but that’s also sort of the point. Thankfully, you aren’t without options if you can’t find the one device you use to verify that you are actually you.

Two-factor authentication, by its very nature, is designed to prevent access to your accounts if you don’t have access to your phone (or other authenticating device). Therefore, there aren’t many ways to circumvent this requirement after the fact. There are many ways to prevent this problem from happening, however. So don’t wait until you lose your phone to set them up.

Loading...

If you’re purposefully getting rid of your phone…

If you know you’re changing phones, make sure you switch to a different device for two-factor authentication (or none whatsoever, temporarily) before you get rid of your old phone. For easy access, here are a few links to where you can change your two-factor settings if you already have it enabled for some common services (or learn how to do so). Note, these links will probably only work if you’re logged in to your account.

If you know you’re changing phones, make sure you switch to a different device for two-factor authentication (or none whatsoever, temporarily) before you get rid of your old phone. For easy access, here are a few links to where you can change your two-factor settings if you already have it enabled for some common services (or learn how to do so). Note, these links will probably only work if you’re logged in to your account.

  • Google
  • Dropbox
  • Twitter
  • Facebook
  • LastPass: Open LastPass on the web, click Settings > Multifactor Options
  • 1Password
  • Discord
  • Twitch

The process differs from service to service, but the basic principle is the same. You’ll install an app on your new device, scan a barcode or enter a code from the web site in question, and confirm that you’re in possession of the device. In most cases, old authenticators will stop working, so make sure you’re sure before you swap.

If you use SMS, changing phones shouldn’t matter. Simply activate your new phone and the codes will come to your phone number. If you use an authenticator app (we recommend Authy, which we’ll talk about in a bit), you can likely swap your authenticator device via your account settings.

Always write down your one-time backup codes

We can’t stress this enough. Write down your backup codes. Should you ever find yourself locked out of your account for any reason, including the fact that you forgot to disable your authenticator before giving it away (or couldn’t, if your phone was stolen), backup codes are the best and easiest way to regain access to your account. You can then set up a new authenticator, likely generate new backup codes, and be as secure as ever before.

You’ve probably heard that you shouldn’t write down your password, but these one-use codes are an exception. You should definitely print them or or write them down and keep them in a place where you can find them. Ideally, they would be separate from your phone, perhaps in a fireproof box or safe with other important paper documents. Don’t just save them in a Word document on your laptop, because if your laptop ever dies (or gets stolen), you’re out of luck.

Unlike your authenticator codes, these one-use codes don’t change. Most sites will also tell you when they’ve been used, or at least mark them off of the usable code lists. For example, Google offers ten backup codes. When you use one, the list of codes drops from ten to nine (they aren’t replenished immediately), and you get an email saying that the code has been used. This means that even if someone finds your backup codes and uses them to access your account, it would be difficult for them to do so undetected.

Use a third-party authentication app, such as Authy

Illustration for article titled What Happens If I Use Two-Factor Authentication and Lose My Phone?

As we’ve discussed previously, Authy is a great app for managing your two-factor accounts on the iPhone, Android, and even your computer. Not only does this give you a “backup” device in case you lose your phone, since your tokens synchronize between your various devices, but it also makes it very easy to migrate your tokens from one device to another (say, if you’re getting a new phone). Just sync the new device and deauthorize the old one.

In order to set up synced tokens on your devices, you’ll need to first set up Authy as your primary two-factor authentication app. If you’re currently using Google Authenticator or another app to get your codes, you’ll need to go through your accounts and set up Authy, likely using a QR code you’ll have to scan, as if you were switching to a brand-new device. Then, follow these steps to synchronize Authy to a second device:

  1. Open Settings in Authy on your primary device and tap Devices.
  2. Enable “Allow Multi-device.”
  3. On your second device, install Authy.
  4. When you first open the app, it will prompt you for a phone number. Enter the phone number of your primary device.
  5. In the popup that says “Get Account Verification Via”, tap “Use Existing Device.”
  6. On your primary device you will get a notification that asks you to verify the addition of a new device. Tap “Accept.”
  7. Type “OK” in the box prompting you to ensure you approve of this decision.
  8. Go back to Settings on your primary device and tap “Devices” again.
  9. Disable “Allow multi-device.” This prevents any additional devices from being added, while your existing connected devices stay active.

It’s also a good idea to enable a PIN code (or fingerprint/face lock) for all of the devices you’ve connected to Authy. (You’ll need to do this for every device individually in My Account > Security). That way, even if someone gets physical access to your device, it’s harder for them to see your codes….Read more>>

 

Source:-lifehacker

Loading...

Register Form

Name
Email Address
Phone No