I’ve always been a strong proponent of two-factor authentication, and now it seems like you really need to use it. Just look at the recent Apple security hole that allowed people to reset your Apple ID password using only your email address and date of birth. If you had enabled two-factor authentication for your account, you wouldn’t have to worry about this issue.
While two-factor authentication can make your account more secure, it can also cause a lot of problems if you accidentally lose your code-generating device.
Just as two-factor authentication requires additional pre-configuration, there is a little server-side configuration that needs to be done to ensure that you can regain access to your account in the event of loss or theft.
I currently have two-factor authentication enabled on Google, Dropbox, Facebook, Lastpass.com, iCloud.com and many more sites. After doing a little research, I realized that my backups are not quite ready. I actually pretended to have lost my device and wanted to see how easy it would be to get back in.
I was surprised. If you don’t have the correct settings, you can either permanently lock yourself out or spend hours or days trying to convince the support staff that you are the real account owner.
In this article, I’ll take a look at these five sites and explain what you need to do to keep your account secure but recoverable in case you lose your phone and can no longer generate codes.
There are a few things that you should set up in terms of recovering your Google account. To get started, go to your account settings page here:
The first thing you need to do is add a backup email address. A backup email address is more commonly used when you’ve forgotten your password or your account has been hacked, but it’s another mechanism that you can use to get back into your account no matter what’s stopping you from signing in.
Then click “Security” and then “Settings” under Two-Step Verification.
This is where you need to configure your backup options for two-step verification, or at least make sure everything is up to date.
Backup phones and printable backup codes are the important items here. You definitely need at least one backup phone, which could be another mobile phone, a home phone, etc. Obviously, make sure that this backup phone is also safe or with someone you trust completely, such as your parents.
My 2-year-old daughter played with my iPhone and uninstalled the Google Authenticator app. I was unable to restore it from a backup, so I had to call the backup phone to get it.
The good thing about the extra phone is that if you can’t get a text message on it, you can ask the automated support team to call you and give you the code. Second, print out the backup codes and do not save them on your computer.
Google gives you the option to save them, but it’s a terrible idea. You don’t need these codes in digital format. You also don’t want to carry backup codes with you in your wallet. They should be stored securely in one place and only taken out when you need them.
The last thing you can do is mark one or two computers as trusted. Scrolling down the 2-Step Verification Settings page, you can see whether the current computer is trusted or not:
Basically, this means that you do not need to enter a verification code on this computer for about 30 days. After that, it asks anyway, but if you lose your phone, you can use a trusted computer to log in and then move two-step verification to another phone, or just turn it off until you have time to set it up again.
Dropbox’s two-step verification is similar to Google’s, but doesn’t have as many options. Typically, if you lose your phone, you will have to enter the emergency backup code that Dropbox gives you when you initially set up two-step verification. If you have already enabled it and can no longer find the code, you should disable two-step mode and then re-enable it to generate a new emergency backup code.
After logging into Dropbox, you need to click on your name at the top and then click on “Settings”. Then click on “Security”:
The first thing you need to do is turn off two-step mode if you don’t have an emergency backup code. After you do this and re-enable two-step mode, be sure to add your backup phone number. I use the Google Authenticator app to generate codes because then you can use your phone as a backup.
If you use SMS on your phone to get the codes, the only backup will be the emergency backup code. That’s why it’s best to install the Google Authenticator app and then use your phone number as a backup. Then you will have two backups in case something goes wrong.
It’s worth noting that Dropbox also has trusted computers, and if you lose your phone and don’t have any backups available, you can still log in on a trusted computer. But if you lose your phone and you don’t have an emergency code, a backup phone or a trusted computer, then you’ve screwed up. Or at least you have to call Dropbox and pray that they will believe you.
For Apple, you can sign in to your account if you have two of the following three items:
1. Apple ID password
2. Access to a trusted device
3. Your recovery key
If you have any two of these items, you can get back into your account. Once you’re signed in to your Apple ID, click Password & Security to manage your trusted devices and recovery key. It is recommended to add several trusted devices, such as your phone, your spouse’s phone, etc. Currently, trusted devices must support SMS, so you cannot add an iPad or something like that.
The next thing to do is print the recovery key, or click the “Replace Lost Key” button if you forgot to print it the first time you set up two-step verification. Again, it’s best to just print this rather than save it in any digital format. Digital data is much easier to steal than a piece of paper kept in a safe or stashed in some obscure place that only you know about.
LastPass is pretty straightforward when you don’t have access to your codes; they basically have a link that will send you an email, which will then temporarily disable Google Authenticator so you can sign in.
LastPass is the one place where you don’t have to do anything extra to access your account again.
The social networking site Facebook
Facebook has login confirmation, which is similar to two-step verification. It’s not as strong as Google 2-Step Verification, but it’s still quite useful and can prevent hackers from gaining access to your account. Login confirmation sends you an SMS message to your phone or you can use the Code Generator in the Facebook app.
I said that Facebook is less strict because it won’t ask for this code when you log in from any of your recognized devices, which is pretty much every device you have ever used to log into the site.
If you lose your phone and you don’t have the Facebook app installed on any other device, you will need to sign in from a recognized device. If you are unable to log in from a recognized device, you need to submit a report and wait indefinitely to regain access.
So I would install the Facebook app on at least two devices, maybe your phone and tablet, and then make sure you have a couple of computers that are recognized devices.
Hopefully this article gives you a little more information on how to make sure you are using 2FA correctly and are not locking yourself out with the additional security.
If you haven’t enabled two-factor authentication at all, I highly recommend enabling it and making sure the backup and recovery options are set. This way, you will have peace of mind when everything is working and even if your device is lost or stolen. Enjoy!