/biz/ - Business & Finance

>>7844156
I have a phone which i keep offline just for 2fa

>>7844167
Mine is dying though, or I'd do that.

>>7844156
>not securely storing the 2fa QRs for quick setup

>>7844167
Does it work without a simcard and such?
Do you let the battery go dead all the time?

>Get robbed
>lose my phone
So this is the end?

>>7844280
You only need the auth app.

Also, keep your QR/setup codes as carefully as private keys.

>>7844156
or just use 2fa on your pc

I haven't tried to restore it again, but i backed the 2FA App using Titanium, does anyone know if the keys will still be there if i flash the backup on another phone?

I encrypted the file, it isnt just lying around

>>7844156
>>7845148
use authy

>>7845403
Litterally the dumbest thing to do with your 2FA.

to have to recreate it whilst moving to the new phone is the dumbest thing ever

>>7845424
haha you are retarded.
have you heard about a hardware key? yubico?

>>7845424
why is that? I can boot up my VM and use 2FA there. how is that less secure than keeping it on my phone?

>>7845415
Also, if this doesn't work, would a Nandroid Backup work?

>>7844156
>get mad and throw my phone all the time
>tfw it finally breaks
>tfw locked out of all my shit
Why do I have to be such an angry faggot?

>>7845500
scared of this I'm going to have to revisit all exchanges where the Google Auth is setup

>>7845485
>>7845486
The point of 2FA is to need multiple physical devices to authenticate in case one is compromised.
Yubico is fine as it's another device.

>>7845415
>>7845493
I think you're good with Titanium.

>>7845486
Someone could hack or steal your laptop (maybe you use an insecure password manager, maybe you're logged in to an exchange) and you're fucked.
If you use 2FA as intended (notice the 2, meaning an attacker needs 2 different factors/things) this is much less likely.

>>7845564
You can backup the app with titanium the question is if the Google Auth app won't change spitting the codes due to the HW changes.

>>7845749
It shouldn't show different codes.

https://www.howtogeek.com/130755/how-to-move-your-google-authenticator-credentials-to-a-new-android-phone-or-tablet/

>>7845286
>keep your QR/setup codes as carefully as private keys.
Well I just scanned mine and didn't do anything else with them.

Won't I just get prompted new ones when I set up the authenticator on my new phone?

>>7845528
>get scared enough to revisit all exchanges
>get hacked because you revisited

MY LINK AAAAAAAAAAAAAAAAAAA

>>7845415
I can confirm that this works.

>>7844156
>he doesn't save the backup codes and restore them

Move to a Different Phone

"Other services that use Google Authenticator may not offer this feature, so you may need to disable and re-enable your account or extract your codes instead."

What the fuck did he mean by that ?

https://www.howtogeek.com/130755/how-to-move-your-google-authenticator-credentials-to-a-new-android-phone-or-tablet/

I too can confirm tibackup works for this. I kept my old phone for 2FA backup.

Since i set tibackup to backup my app data to microsd regularly i think someone could steal my phone then restore the backup to another device then steal all my 2FA codes
Don't tell anyone i do this

>>7845935
Assuming you still have your old phone, you'll be able to setup a brand new 2FA, so yes.

use authy and this problem ceases to exist

ITT: google authenticator plebs

>>7846214
some sites don't give backup keys though, I think I've had at least one that hasn't and it confused the shit out of me

>>7846980
The QR is the backup key.

W-what if your phone fails and you don't have the 2FA back-ups?

>>7845500

What the fuck is wrong with you? Grow up.

>>7847518
Website can offer solutions to reset 2FA asking to prove it's you.
Or you could, you know, not be retarded.

>>7846887
THANKS, switched to Authy, the google is bullshit