Why you should have a backup plan if you use 2-factor authentication (2FA)

I constantly see people on various forums, Twitter, Telegram, and Discord complaining that they are locked out of a 2FA-enabled account because they lost or bricked their phone.

2FA stands for 2-Factor Authentication. One common 2FA method has you enter a time-based one-time code in addition to your password, generated by Google Authenticator or a similar app.

Image courtesy of google.com (https://support.google.com/a/answer/175197)

When you lose access to your 2FA codes, you will be locked out of your account. You will then have to open a ticket and establish your identity with the platform. This is particularly difficult on crypto-related platforms with no KYC (know-your-customer) requirement, since the platform has little on file to verify you against. The process can also take a long time, sometimes weeks or months.

Rather than leave yourself exposed, you can use a number of strategies to eliminate your reliance on a platform to restore your access.

These include:

- Encrypt your phone and use a difficult passphrase.

This first step relieves some of the pressure to immediately change your 2FA should something go wrong, because whoever ends up with the phone cannot read the stored seeds without the passphrase. It buys you time to log in with a backup and change to a new 2FA seed. To be safe, still assume the codes on a lost phone will eventually be compromised.

- Create a hard copy of your 2FA QR code / pre-shared key (PSK)

When enabling 2FA on a specific account, take a screenshot of the QR code and the secret key text shown alongside it. Print it out on your personal printer. If it’s not obvious, label it with the site’s name and put it in a sealed envelope. Keep this envelope in a safe or another secure location. If your phone is bricked, you can simply scan the QR code on your new phone and you’re back in business. You can also store this screenshot on an encrypted thumb drive. Securely delete any local copies of the screenshot image after you are done. For more information on encrypted thumb drives, refer to: https://steemit.com/cryptocurrency/@joshman/ironkeyd300reviewwhyichosethishardwareencryptedthumbdrive-w72wontkgb

Note: if you are printing sensitive information, always check the specs on your printer to verify whether it has a hard disk or NVRAM that retains print jobs. If it does and the printer settings do not allow you to wipe this memory, consider physically destroying or removing the internal storage device if you decide to get rid of the printer.

- Keep a backup 2FA phone

If you can’t handle any downtime associated with an out-of-commission phone, consider keeping a backup phone. When creating any new accounts or enabling 2FA, scan the QR code with the backup phone at the same time you scan it with your primary phone. Keep this backup phone in a secure location.

Your backup phone doesn’t have to be anything special. I didn’t bother to buy a SIM card for mine, and just use WiFi. I also set it up to use a VPN. You could potentially also use this phone to back up any mobile crypto wallets. Just download the wallet software and import your seed.
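Both the printed QR code and the backup phone work for the same reason: the QR code is just an `otpauth://` URI carrying a shared secret, and any device that has that secret computes identical codes. The following is an added example, not code from the original post, that parses such a URI and derives the time-based code per RFC 6238 using only the Python standard library. The URI and its secret are constructed placeholders for illustration, not real account material.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample: the otpauth:// URI that an enrollment QR code encodes.
# The secret is a made-up placeholder for this example, not a real account key.
SAMPLE_URI = ("otpauth://totp/ExampleExchange:alice%40example.com"
              "?secret=JBSWY3DPEHPK3PXP&issuer=ExampleExchange&digits=6&period=30")


def parse_otpauth(uri):
    """Extract the fields an authenticator app reads from an otpauth:// URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "issuer": params.get("issuer"),
        "secret": params["secret"],
        "digits": int(params.get("digits", 6)),
        "period": int(params.get("period", 30)),
        "algorithm": params.get("algorithm", "SHA1").upper(),
    }


def totp(secret_b32, unix_time, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the current time-step counter."""
    # Secrets printed on a backup sheet are often shown in groups without
    # base32 padding; normalise before decoding.
    cleaned = secret_b32.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = int(unix_time) // period
    msg = struct.pack(">Q", counter)  # 8-byte big-endian counter
    digest = hmac.new(key, msg, getattr(hashlib, algorithm.lower())).digest()
    offset = digest[-1] & 0x0F        # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def code_for(uri, unix_time):
    """Code a device provisioned from this URI shows at the given time."""
    p = parse_otpauth(uri)
    return totp(p["secret"], unix_time, p["digits"], p["period"], p["algorithm"])


def backups_agree(uri, unix_time):
    """A primary phone, a backup phone and a printed secret all share the same
    URI, so they must produce the same code at the same time-step."""
    primary = code_for(uri, unix_time)
    backup = code_for(uri, unix_time)
    printed_secret = parse_otpauth(uri)["secret"]
    from_paper = totp(printed_secret, unix_time)
    return primary == backup == from_paper, primary


if __name__ == "__main__":
    agree, code = backups_agree(SAMPLE_URI, time.time())
    print("all copies agree:", agree, "current code:", code)
```

Note that the secret printed as text is sufficient on its own: if the paper copy only preserves the base32 string, `totp()` reproduces the app's codes without the QR image, which is why the envelope should be protected exactly like the phone it backs up.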

For this purpose I bought an unlocked Motorola Moto E (4th Gen). It supports both encryption and passcode protection. It also has a removable battery.

If you are an Amazon Prime member and don’t mind some pre-installed Amazon apps, you can save a few bucks ($124.99) here: https://amzn.to/2N4MTxW

Otherwise, you can buy the vanilla version for $129.99 here: https://amzn.to/2C0faS3

You can use this backup phone to give yourself temporary access so you can create a new 2FA key, and/or to bridge the gap until you order a new higher-end primary phone.
