
Never set up two-factor authentication without making a backup. Here’s how

Recently, my phone was stolen. At first, I didn’t think this would be such a big deal: Thank goodness I had encrypted everything on it, so nobody could wreak havoc with my data. A few of my pictures were lost, but that was mostly my fault for not turning on some kind of cloud synchronisation.

What eventually backfired was my blind enthusiasm for two-factor authentication. I had set up my phone as a second factor to log into all of my main accounts: email, banking, web hosting; even that old Tumblr I stopped using a long time ago. While it occurred to me that this might be a problem in case I ever lost or broke my phone, I put it off as an unlikely scenario. Even so, I could always use my backup codes (for the handful of services that support them) or hassle customer support.

Well, several months later I’m finally back to normal, and I wish it hadn’t been so stressful, especially now that I know how easy it is to save and restore your 2FA codes, whether or not the service in question gives you a dedicated list of backup codes. Here’s how.

Lastly, some disclaimers. This method will allow you to use Google Authenticator (or any such app) on more than one phone. It obviously won’t work with 2FA via SMS, which is horribly insecure and inconvenient anyway. That being said, using a password and SMS is still better than just using a password, so please sign up regardless and simultaneously shame your service for not implementing Time-based One-time Passwords.

Many thanks to the commenter on Stack Exchange who opened my eyes to this.

Florian Lehmuth
19 June 2017
