Anyone keep a separate phone for 2FA?
-
- Posts: 415
- Joined: Sun Dec 15, 2019 6:47 pm
Anyone keep a separate phone for 2FA?
With somewhere between 6 and 10 online accounts that use 2FA with an authenticator app now, I was thinking that maybe when I replace my phone, which is probably soon, I'd keep the old phone around to use for the authenticator app. The thought of going through account recovery on all those if I were to lose my phone sounds really annoying. So I'd just leave that old phone at home, since I don't need to use any of those accounts except from my computer, where I'd be less likely to lose it.
Is this an ok idea, or would it be bad to leave the authenticator app home alone on that phone most of the time? Seems more likely I'd lose my phone while out and about than that someone would break in to my home and steal it or whatever. But I haven't thought this through all the way so wondered if anyone else has.
Thanks
Re: Anyone keep a separate phone for 2FA?
Are you willing to keep paying for phone service for a phone that is rarely used?
Do you really want everyone in your address book to have to change their records of what your new phone number is?
Last edited by celia on Sun Apr 11, 2021 7:52 pm, edited 1 time in total.
Re: Anyone keep a separate phone for 2FA?
Not that familiar with authenticator apps, but perhaps it only needs home WiFi. I have an old phone that still works fine on WiFi but I have a new phone with the old number. The one question I'd have in that situation is whether the OS gets out of date and creates a different security risk.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
-
- Posts: 415
- Joined: Sun Dec 15, 2019 6:47 pm
Re: Anyone keep a separate phone for 2FA?
No, the old phone would not have service. I would move service to the new phone.
Re: Anyone keep a separate phone for 2FA?
luckyducky99 wrote: ↑Sun Apr 11, 2021 7:46 pm
With somewhere between 6 and 10 online accounts that use 2FA with an authenticator app now, I was thinking that maybe when I replace my phone, which is probably soon, I'd keep the old phone around to use for the authenticator app. The thought of going through account recovery on all those if I were to lose my phone sounds really annoying. So I'd just leave that old phone at home, since I don't need to use any of those accounts except from my computer, where I'd be less likely to lose it.
Is this an ok idea, or would it be bad to leave the authenticator app home alone on that phone most of the time? Seems more likely I'd lose my phone while out and about than that someone would break in to my home and steal it or whatever. But I haven't thought this through all the way so wondered if anyone else has.
Thanks

What you’re suggesting isn’t a horrible idea but I think keeping a backup of your 2FAs might be easier in the long run.
I recommend using an app like OTP Auth that lets you view the 2FA secret so you can move your two factor codes at will.
You could also add a hardware key to your setup if your accounts allow it
-
- Posts: 415
- Joined: Sun Dec 15, 2019 6:47 pm
Re: Anyone keep a separate phone for 2FA?
csan wrote: ↑Sun Apr 11, 2021 7:54 pm
What you’re suggesting isn’t a horrible idea but I think keeping a backup of your 2FAs might be easier in the long run.
I recommend using an app like OTP Auth that lets you view the 2FA secret so you can move your two factor codes at will.
You could also add a hardware key to your setup if your accounts allow it

Thanks I didn't know there were apps that would let you do that. I'll look at OTP Auth. Unfortunately some accounts force you to use Symantec VIP access, which I don't like, but is still better than nothing/text messages.
Re: Anyone keep a separate phone for 2FA?
luckyducky99 wrote: ↑Sun Apr 11, 2021 7:46 pm
I'd keep the old phone around to use for the authenticator app.

That's what I did. Google Authenticator is running on my main phone, and also on my older, previous phone. Old phone never leaves the house. If my main phone is lost or stolen, I can still access all of my accounts immediately.
The trick is that GA has to be seeded with the same code for each account. I have copies of all my QR codes in a password-protected vault, so could use them to set up a new copy of GA on a different phone, if necessary. Easier, perhaps, is to just sit down with both phones and establish new codes for each account, adding the account to your current phone, and then to your old phone.
Re: Anyone keep a separate phone for 2FA?
luckyducky99 wrote: ↑Sun Apr 11, 2021 7:46 pm
With somewhere between 6 and 10 online accounts that use 2FA with an authenticator app now, I was thinking that maybe when I replace my phone, which is probably soon, I'd keep the old phone around to use for the authenticator app. The thought of going through account recovery on all those if I were to lose my phone sounds really annoying. So I'd just leave that old phone at home, since I don't need to use any of those accounts except from my computer, where I'd be less likely to lose it.
Is this an ok idea, or would it be bad to leave the authenticator app home alone on that phone most of the time? Seems more likely I'd lose my phone while out and about than that someone would break in to my home and steal it or whatever. But I haven't thought this through all the way so wondered if anyone else has.
Thanks

Well, you could keep an encrypted file (either on your computer at home, or on a thumb drive that you carry) that stores the TOTP secret keys for those accounts, and just forget about the old phone...if you are willing to use Linux. It is probably available on Windows via Cygwin, or maybe just set up Windows Subsystem for Linux (WSL).
You can simply run oathtool, feed it the secret key and it will pop out the six digit TOTP sequence that you can use:
oathtool --base32 --totp=SHA1 "THESECRETKEY"
Regarding Symantec VIP - you know that you do not have to use the Symantec program right? It is just a rebadged TOTP implementation. You can use your preferred authenticator application (or oathtool on Linux) to generate the six digit sequence instead of Symantec VIP.
Just did a quick search - KeePassXC will do TOTP for you too. Possibly the most convenient way to go on your computer.
-
- Posts: 415
- Joined: Sun Dec 15, 2019 6:47 pm
Re: Anyone keep a separate phone for 2FA?
ErRyTour wrote: ↑Sun Apr 11, 2021 9:13 pm
luckyducky99 wrote: ↑Sun Apr 11, 2021 7:46 pm
With somewhere between 6 and 10 online accounts that use 2FA with an authenticator app now, I was thinking that maybe when I replace my phone, which is probably soon, I'd keep the old phone around to use for the authenticator app. The thought of going through account recovery on all those if I were to lose my phone sounds really annoying. So I'd just leave that old phone at home, since I don't need to use any of those accounts except from my computer, where I'd be less likely to lose it.
Is this an ok idea, or would it be bad to leave the authenticator app home alone on that phone most of the time? Seems more likely I'd lose my phone while out and about than that someone would break in to my home and steal it or whatever. But I haven't thought this through all the way so wondered if anyone else has.
Thanks
Well, you could keep an encrypted file (either on your computer at home, or on a thumb drive that you carry) that stores the TOTP secret keys for those accounts, and just forget about the old phone...if you are willing to use Linux. It is probably available on Windows via Cygwin, or maybe just set up Windows Subsystem for Linux (WSL).
You can simply run oathtool, feed it the secret key and it will pop out the six digit TOTP sequence that you can use:
oathtool --base32 --totp=SHA1 "THESECRETKEY"
Regarding Symantec VIP - you know that you do not have to use the Symantec program right? It is just a rebadged TOTP implementation. You can use your preferred authenticator application (or oathtool on Linux) to generate the six digit sequence instead of Symantec VIP.
Just did a quick search - KeePassXC will do TOTP for you too. Possibly the most convenient way to go on your computer.

Thanks for all this. Helpful. I’ll look into it all in more detail.
As for this
"Regarding Symantec VIP - you know that you do not have to use the Symantec program right? It is just a rebadged TOTP implementation. You can use your preferred authenticator application (or oathtool on Linux) to generate the six digit sequence instead of Symantec VIP."
No I had no idea. Don’t really understand this stuff. But to set up a new account in my main authenticator app I need to feed it a private key. I can’t seem to find that in the Symantec app. I don’t remember how the Symantec one was set up but it was different from most because there was never a QR code/private key involved. I think I just told the site the “credential id” shown by the app, which was “<4 letters><8 digit number>”. I’ll google around for that.
Re: Anyone keep a separate phone for 2FA?
I use an old phone for 2FA. Works great. You do NOT have to be on wifi even.
-
- Posts: 58
- Joined: Wed Nov 02, 2016 9:43 am
Re: Anyone keep a separate phone for 2FA?
When I got a new phone I was able to export all 2FA keys from my old phone and import them into the new one. I used the Google Authenticator app.
Re: Anyone keep a separate phone for 2FA?
I use a Google Voice number for my 2FA. The GV number is free.
Since I only access my accounts via my computer anyway, I just log on to GV to get the authenticating text. No phone required.
-
- Posts: 4074
- Joined: Fri Jan 29, 2016 11:40 am
Re: Anyone keep a separate phone for 2FA?
vstariradev wrote: ↑Mon Apr 12, 2021 12:55 am
When I got a new phone I was able to export all 2FA keys from my old phone and import them into the new one. I used the Google Authenticator app.

This is the answer. If you back up Google Authenticator or Microsoft Authenticator it will be seamless.
-
- Posts: 21
- Joined: Tue Apr 28, 2020 5:19 pm
Re: Anyone keep a separate phone for 2FA?
Ditto with the cc'd email a burner account so I can still get access to the 2FA pin if I drop my phone in the creek. I know there are a lot more sophisticated measures out there but my paranoia isn't there yet for anything past GV.