Anyone keep a separate phone for 2FA?

Topic Author
luckyducky99
Posts: 415
Joined: Sun Dec 15, 2019 6:47 pm

Anyone keep a separate phone for 2FA?

Post by luckyducky99 »

With somewhere between 6 and 10 online accounts that use 2FA with an authenticator app now, I was thinking that maybe when I replace my phone, which is probably soon, I'd keep the old phone around to use for the authenticator app. The thought of going through account recovery on all those if I were to lose my phone sounds really annoying. So I'd just leave that old phone at home, since I don't need to use any of those accounts except from my computer, where I'd be less likely to lose it.

Is this an ok idea, or would it be bad to leave the authenticator app home alone on that phone most of the time? Seems more likely I'd lose my phone while out and about than that someone would break in to my home and steal it or whatever. But I haven't thought this through all the way so wondered if anyone else has.

Thanks
celia
Posts: 16774
Joined: Sun Mar 09, 2008 6:32 am
Location: SoCal

Re: Anyone keep a separate phone for 2FA?

Post by celia »

Are you willing to keep paying for phone service for a phone that is rarely used?

Do you really want everyone in your address book to have to change their records of what your new phone number is?
Last edited by celia on Sun Apr 11, 2021 7:52 pm, edited 1 time in total.
jebmke
Posts: 25476
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Anyone keep a separate phone for 2FA?

Post by jebmke »

celia wrote: Sun Apr 11, 2021 7:49 pm Are you willing to keep paying for phone service for a phone that is rarely used?

Do you really want everyone in your address book to have to change their records of what your phone number is?
Not that familiar with authenticator apps, but perhaps it only needs home WiFi. I have an old phone that still works fine on WiFi but I have a new phone with the old number. The one question I'd have in that situation is whether the OS gets out of date and creates a different security risk.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Topic Author
luckyducky99
Posts: 415
Joined: Sun Dec 15, 2019 6:47 pm

Re: Anyone keep a separate phone for 2FA?

Post by luckyducky99 »

celia wrote: Sun Apr 11, 2021 7:49 pm Are you willing to keep paying for phone service for a phone that is rarely used?

Do you really want everyone in your address book to have to change their records of what your phone number is?
No, the old phone would not have service. I would move service to the new phone.
csan
Posts: 53
Joined: Mon Apr 01, 2019 4:33 pm

Re: Anyone keep a separate phone for 2FA?

Post by csan »

luckyducky99 wrote: Sun Apr 11, 2021 7:46 pm With somewhere between 6 and 10 online accounts that use 2FA with an authenticator app now, I was thinking that maybe when I replace my phone, which is probably soon, I'd keep the old phone around to use for the authenticator app. The thought of going through account recovery on all those if I were to lose my phone sounds really annoying. So I'd just leave that old phone at home, since I don't need to use any of those accounts except from my computer, where I'd be less likely to lose it.

Is this an ok idea, or would it be bad to leave the authenticator app home alone on that phone most of the time? Seems more likely I'd lose my phone while out and about than that someone would break in to my home and steal it or whatever. But I haven't thought this through all the way so wondered if anyone else has.

Thanks
What you’re suggesting isn’t a horrible idea but I think keeping a backup of your 2FAs might be easier in the long run.


I recommend using an app like OTP Auth that lets you view the 2FA secret so you can move your two factor codes at will.

You could also add a hardware key to your setup if your accounts allow it.
Topic Author
luckyducky99
Posts: 415
Joined: Sun Dec 15, 2019 6:47 pm

Re: Anyone keep a separate phone for 2FA?

Post by luckyducky99 »

csan wrote: Sun Apr 11, 2021 7:54 pm
What you’re suggesting isn’t a horrible idea but I think keeping a backup of your 2FAs might be easier in the long run.

I recommend using an app like OTP Auth that lets you view the 2FA secret so you can move your two factor codes at will.

You could also add a hardware key to your setup if your accounts allow it
Thanks, I didn't know there were apps that would let you do that. I'll look at OTP Auth. Unfortunately some accounts force you to use Symantec VIP access, which I don't like, but is still better than nothing/text messages.
CFM300
Posts: 2543
Joined: Sat Oct 27, 2007 5:13 am

Re: Anyone keep a separate phone for 2FA?

Post by CFM300 »

luckyducky99 wrote: Sun Apr 11, 2021 7:46 pm I'd keep the old phone around to use for the authenticator app.
That's what I did. Google Authenticator is running on my main phone, and also on my older, previous phone. Old phone never leaves the house. If my main phone is lost or stolen, I can still access all of my accounts immediately.

The trick is that GA has to be seeded with the same code for each account. I have copies of all my QR codes in a password-protected vault, so could use them to set up a new copy of GA on a different phone, if necessary. Easier, perhaps, is to just sit down with both phones and establish new codes for each account, adding the account to your current phone, and then to your old phone.
ErRyTour
Posts: 26
Joined: Tue Apr 23, 2019 10:56 pm

Re: Anyone keep a separate phone for 2FA?

Post by ErRyTour »

luckyducky99 wrote: Sun Apr 11, 2021 7:46 pm With somewhere between 6 and 10 online accounts that use 2FA with an authenticator app now, I was thinking that maybe when I replace my phone, which is probably soon, I'd keep the old phone around to use for the authenticator app. The thought of going through account recovery on all those if I were to lose my phone sounds really annoying. So I'd just leave that old phone at home, since I don't need to use any of those accounts except from my computer, where I'd be less likely to lose it.

Is this an ok idea, or would it be bad to leave the authenticator app home alone on that phone most of the time? Seems more likely I'd lose my phone while out and about than that someone would break in to my home and steal it or whatever. But I haven't thought this through all the way so wondered if anyone else has.

Thanks
Well, you could keep an encrypted file (either on your computer at home, or on a thumb drive that you carry) that stores the TOTP secret keys for those accounts, and just forget about the old phone...if you are willing to use Linux. It is probably available on Windows via Cygwin, or maybe just set up Windows Subsystem for Linux (WSL).

You can simply run oathtool, feed it the secret key and it will pop out the six digit TOTP sequence that you can use:

oathtool --base32 --totp=SHA1 "THESECRETKEY"

Regarding Symantec VIP - you know that you do not have to use the Symantec program right? It is just a rebadged TOTP implementation. You can use your preferred authenticator application (or oathtool on Linux) to generate the six digit sequence instead of Symantec VIP.

Just did a quick search - KeePassXC will do TOTP for you too. Possibly the most convenient way to go on your computer.
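
What the oathtool command above computes, and why two devices seeded with the same secret show the same code, as an added Python example (not part of the original post). The otpauth:// URI is a constructed sample whose secret is the published RFC 6238 test key, and the function names are illustrative.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

def decode_secret(b32):
    """Decode a base32 secret as apps display it (spaces, lowercase, no padding)."""
    s = b32.replace(" ", "").replace("-", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def totp(b32_secret, now, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238: HMAC over the count of `period`-second steps since the Unix epoch."""
    counter = struct.pack(">Q", int(now) // period)
    digest = getattr(hashlib, algorithm.lower())
    mac = hmac.new(decode_secret(b32_secret), counter, digest).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def parse_otpauth(uri):
    """Pull the TOTP parameters out of the otpauth:// URI an enrollment QR code encodes."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    return {"b32_secret": q["secret"], "digits": int(q.get("digits", 6)),
            "period": int(q.get("period", 30)), "algorithm": q.get("algorithm", "SHA1")}

# Constructed sample: the secret is the published RFC 6238 test key, not a real account.
SAMPLE_URI = ("otpauth://totp/Example:user@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")
RETYPED = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"   # same secret, copied from a backup

def compare_devices(now):
    """Codes from a QR-enrolled device, a restored backup, and a clock 90 s fast."""
    return {"qr": totp(now=now, **parse_otpauth(SAMPLE_URI)),
            "backup": totp(RETYPED, now),
            "fast_clock": totp(RETYPED, now + 90)}

if __name__ == "__main__":
    import time
    print(compare_devices(time.time()))
```

The code depends only on the stored secret and the device clock, so a backup device needs no network connection but does need a reasonably accurate clock; anyone who can read the stored secret can generate the same codes.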
Topic Author
luckyducky99
Posts: 415
Joined: Sun Dec 15, 2019 6:47 pm

Re: Anyone keep a separate phone for 2FA?

Post by luckyducky99 »

ErRyTour wrote: Sun Apr 11, 2021 9:13 pm
luckyducky99 wrote: Sun Apr 11, 2021 7:46 pm With somewhere between 6 and 10 online accounts that use 2FA with an authenticator app now, I was thinking that maybe when I replace my phone, which is probably soon, I'd keep the old phone around to use for the authenticator app. The thought of going through account recovery on all those if I were to lose my phone sounds really annoying. So I'd just leave that old phone at home, since I don't need to use any of those accounts except from my computer, where I'd be less likely to lose it.

Is this an ok idea, or would it be bad to leave the authenticator app home alone on that phone most of the time? Seems more likely I'd lose my phone while out and about than that someone would break in to my home and steal it or whatever. But I haven't thought this through all the way so wondered if anyone else has.

Thanks
Well, you could keep an encrypted file (either on your computer at home, or on a thumb drive that you carry) that stores the TOTP secret keys for those accounts, and just forget about the old phone...if you are willing to use Linux. It is probably available on Windows via Cygwin, or maybe just set up Windows Subsystem for Linux (WSL).

You can simply run oathtool, feed it the secret key and it will pop out the six digit TOTP sequence that you can use:

oathtool --base32 --totp=SHA1 "THESECRETKEY"

Regarding Symantec VIP - you know that you do not have to use the Symantec program right? It is just a rebadged TOTP implementation. You can use your preferred authenticator application (or oathtool on Linux) to generate the six digit sequence instead of Symantec VIP.

Just did a quick search - KeePassXC will do TOTP for you too. Possibly the most convenient way to go on your computer.
Thanks for all this. Helpful. I’ll look into it all in more detail.

As for this

Regarding Symantec VIP - you know that you do not have to use the Symantec program right? It is just a rebadged TOTP implementation. You can use your preferred authenticator application (or oathtool on Linux) to generate the six digit sequence instead of Symantec VIP.
No, I had no idea. Don’t really understand this stuff. But to set up a new account in my main authenticator app I need to feed it a private key. I can’t seem to find that in the Symantec app. I don’t remember how the Symantec one was set up but it was different from most because there was never a QR code/private key involved. I think I just told the site the “credential id” shown by the app, which was “<4 letters><8 digit number>”. I’ll google around for that.
ohboy!
Posts: 911
Joined: Thu Jan 04, 2018 1:21 pm

Re: Anyone keep a separate phone for 2FA?

Post by ohboy! »

I use an old phone for 2FA. Works great. You do NOT have to be on wifi even.
vstariradev
Posts: 58
Joined: Wed Nov 02, 2016 9:43 am

Re: Anyone keep a separate phone for 2FA?

Post by vstariradev »

When I got a new phone I was able to export all 2FA keys from my old phone and import them into the new one. I used the Google Authenticator app.
FOGU
Posts: 502
Joined: Tue Apr 24, 2018 9:41 pm
Location: Behind the kit.

Re: Anyone keep a separate phone for 2FA?

Post by FOGU »

I use a Google Voice number for my 2FA. The GV number is free.
Since I only access my accounts via my computer anyway, I just log on to GV to get the authenticating text. No phone required.
dukeblue219
Posts: 4074
Joined: Fri Jan 29, 2016 11:40 am

Re: Anyone keep a separate phone for 2FA?

Post by dukeblue219 »

vstariradev wrote: Mon Apr 12, 2021 12:55 am When I got a new phone I was able to export all 2FA keys from my old phone and import them into the new one. I used the Google Authenticator app.
This is the answer. If you back up Google Authenticator or Microsoft Authenticator it will be seamless.
IdRatherBeHiking
Posts: 21
Joined: Tue Apr 28, 2020 5:19 pm

Re: Anyone keep a separate phone for 2FA?

Post by IdRatherBeHiking »

FOGU wrote: Mon Apr 12, 2021 5:16 am I use a Google Voice number for my 2FA. The GV number is free.
Since I only access my accounts via my computer anyway, I just log on to GV to get the authenticating text. No phone required.
Ditto with the cc'd email a burner account so I can still get access to the 2FA pin if I drop my phone in the creek. I know there are a lot more sophisticated measures out there but my paranoia isn't there yet for anything past GV.