According to Find My Phone, my device is somewhere in my house. We can’t hear it ringing but since it’s not out in the wild I’m not panicking yet. Then I remembered 2FA. I am wondering what people do in such a case when they lose access to their authenticator app? I can’t get 2FA access to anything that uses my phone number to reach me, and one platform uses only Authenticator to get me in. What a PITA!
I just tried to sign into my Samsung account on my laptop. I know they have my email address but they wanted to authenticate with my phone number. Dead end. Verizon, same. Good thing I have an iPad with apps for my bank, etc.
Many sites have a “I don’t have access to this device” button. Using that should give you an alternative method for logging in. Though that doesn’t help if the alternative method is texting you a code. You might have to call customer support.
Can you install the authenticator on another device for the time being?
As more and more sites use email/text/apps on phone for 2FA, this is likely to become a problem. Maybe not a huge problem, but big enough to warrant coming up with a solution.
I think between dealing with issues like this, as well as people getting increasingly annoyed with traditional 2FA (text/email/phone call), biometrics will help. It’s a lot easier to have your device, be it a cell phone, tablet, desktop etc, read your fingerprint then screwing around with phone calls and emails going to devices you may or may not have access to at the moment.
Anyways, TLDR, try putting the authenticator on the your iPad and see if that works. I know you don’t need it now, but it would be good to know.
If you were really in a jam, one site mentioned getting a different phone and restoring your phone to that one so you can access 2FA texts or use the authenticator.
Yep, I’m going to activate the biometrics option on my laptop now, which I haven’t bothered with up till now. There is a fingerprint thingy on the keyboard I’ve totally ignored so far but I get it now.
(Good news, my husband found the phone on the floor of his car under the seat. I had looked there but I guess back not far enough. Whew!)
Note to self: If I’m tearing my house apart looking for my phone because Find My Phone says it’s here, go move my car and check it again.
Actually, now that I think about it, I had that happen by accident. Someone at work was looking for their phone but had to go run an errand. As they drove away, I watched the phone go with them. I set off the alarm on the phone, and got a text a few minutes later that they found it.
I actually thought about this when I first started setting up 2FA for various websites.
I didn’t want to be dependent on any one device, so I have always set up authenticator apps in parallel on my phone and tablet (iPhone and iPad). Both generate the same codes.
For websites that use a phone number for 2FA, I add a second phone number to my account if possible (like my work cell). If my phone is permanently lost, I would be contacting my provider ASAP to suspend service on the lost device and getting a new one to replace it.
One of my concerns is that, with so many things going through your phone, including 2FA stuff, someone getting a hold of your phone (and the ability to unlock it), is going to be like having your wallet stolen (and your phone).
I’m glad biometrics are, at least right now, so easy to use. I hate that everything that requires security seems to get harder every few years. At least right now, a finger print is both more convenient and safer than a text message or email.
That may or may not work - depending on what you’re doing and what alternate method(s) you have set up.
My phone deleted its work profile, once, when I was out for a walk. Apparently it thought I was trying to unlock it, when I put it in my pocket - and after 10 “attempts” to log in failed, it wiped out the work profile - which was where I had my authenticator. This was just an annoyance, for most things - but I had an authenticator app for a client project, and the 2FA had to be reset on the server, and nobody knew whom to contact, and it took a MONTH to fix.
My employer laptop (vs my client laptop) has a fingerprint reader, and it was convenient when that was the only laptop I had. I don’t recall whether I ever set it up when I got a replacement last year, though - both that and my client laptop live on a rack, well above my head, and share a monitor / keyboard / mouse via a KVM switch. I tried to find an external fingerprint reader, but when I looked, they either didn’t exist or were quite expensive.
Some laptops have face ID, I’m told.
1Password for desktop will let you unlock it with the fingerprint, which is kind of nice. Supposedly I can also unlock it with the laptop’s PIN, though lately that has not been working. Beats typing that long “master password”.
I have a philosophy honed over time and experience: if you’ve lost something … and you’re going to look for it in a place … check that place thoroughly.
DAMHIKT.
But it seems to resonate with people in this circumstance.
Losing something can induce anxiety, which – in turn – can cause us to rush through the process.
Probably most of us have found that lost thing … IN a place where we already ‘looked carefully.’
Ooohh…could I duplicate the authenticator app this way on my Android phone and my iPad? I always find it a PITA just to have to go retrieve my phone if it’s not near me and I need to get into the one site for which the authenticator is necessary. Would I have to start from scratch?
Agree! I already use it on my phone and tablet. And soon my laptop!
When I broke my right wrist earlier this year, my right hand was slightly swollen for about a month. My phone would not recognize the two fingerprints (thumb and index finger) on my right hand. I was surprised that the reader was that sensitive. Luckily, I also had the phone set up for my left index finger. If your phone allows multiple fingerprints to be registered (my phone allows three), have one from each hand.
Looking through my Sasmsung phone while sitting on hold with the Paid Leave Oregon department (over an hour and a half all told this morning), turns out that in order to use the biometrics/fingerprint security, you also have to set up a PIN/password, and it will require you to put those in every 24 to 72 hours when you use the fingerprint. They claim that it’s additional security in case your phone is lost/stolen. What, is someone going to cut off my finger when they steal my phone? That’s making it rather inconvenient. I don’t even use a PIN on my phone. FWIW, I don’t do any financial anything on my phone, certainly nothing stored on the phone.
Both need to be set up with the same initial QR code. So if you still have a copy of the QR code you used before then you don’t need to start from scratch, but if you don’t you would have to start over.
You might have to reset the 2FA on each site. If it is the kind where you have an app that generates a code, and you type in the code, then it is easy to duplicate in multiple authenticator apps. You’ll usually get a QR code to scan to create the entry. Just scan it on multiple devices. There is also usually a string you can enter, too, and that can be pasted into multiple apps.
Some apps, like Duo, will backup your codes, so if you lose your phone you can reinstall the app, verify you are you, and then it will reload the codes.
Some password managers can also act as an authenticator app, in which case the code is stored however your passwords are stored, and not tied to a specific device.
Yes. In handling the deaths of some older relatives over the last few years, I proved that if I have access to their phone and email, then I could get into any of their accounts. Resetting passwords was easy as long as I had one or both of those two things.
Can you access your email from your phone without entering a password? If so, then consider your phone as having passwordless access to all of your accounts.
I lost my phone a couple months ago. Still haven’t found it. When I called it, it went right to voice message and find my phone app didn’t work either. Just at that moment, my email provider (McGill University) chose that moment to ask for re-authentication. Previously, they had used a program called Authy that ran on my laptop and provided the second factor, but that had been abandoned a month or so earlier. So now the second factor arrived on my phone. So I called the computer centre and they transferred it to my wife’s phone, but it took a while. I have replaced my phone and would like to have it moved back, but there seems to be no way short of going through a human at the CC.
One thing I discovered during this process is that after 87 years on this planet, I have no (usable) fingerprints. I tried to put them on my new phone and they just didn’t register. I’m too old to start a life of crime but… . Of course, now they likely use DNA.
