You are viewing a single comment's thread from:
RE: Do YOU have 2FA enabled? Do you use a password manager? The convenience of cutting these corners is NOT worth the risk!
Great post, but I have 1 question I hope you could answer.
What if you lose your phone with the 2FA on it? Is it easy to recover it?
If you are on android there is an, currently unreleased but usable, 2FA generator called "andOTP". In contrast to the mentioned Google Authenticator you can backup the entries with a strong password in an encrypted file. If you lost your phone you can install the app and restore it with the encrypted file. But don't forget the password :)
The app is available on the playstore and as well in the F-Droid store. If you are deeper in programming android or even java you can read the sourcecode on github as well or compile it on your own.
https://play.google.com/store/apps/details?id=org.shadowice.flocke.andotp
https://f-droid.org/packages/org.shadowice.flocke.andotp/
https://github.com/flocke/andOTP
If you are using Authy, it backs up your keys on their servers - but this is less secure for obvious reasons.
For Google Authenticator, you need to back up the key when you set it up. Unless your phone is rooted, you have to make a backup of the QR code that you scan with your phone, or better yet, write down key provided along with the QR code. On a rooted device, you can simply back Google Authenticator up with Titanium Backup (just make sure to backup your Titanium Backup folder to a device other than your phone, and be sure to encrypt the backup since the authenticator secret keys are backed up in cleartext).plain
it is not always easy like Bittrex gives 7 day trade ban on 2FA key recovery request and bitfinex also block ur activities for some time and u need to have SMS recovery.
If it was easy to reset a 2FA token at an exchange, it wouldn't offer any added security. You can avoid having to go through the process if you back up the 2FA secret when you set it up (it's encoded in the QR code you have to scan, and is generally provided in plain text along with the QR code).