5 upvotes, 1 direct replies (showing 1)
View submission: How to keep your Reddit account safe
I can honestly say that it was a much easier process than having to deactivate 2FA and then reactivate it for each service I use, but you have to be careful.
I wish authenticator makers would figure this out. There should be a way to securely back up and move authenticator settings without having to root (I like Samsung Pay, and I don't want to break Knox by rooting). When I upgraded my phone last month, it was seriously a 3-day process to get all of my 2FA accounts moved over. That sounds worse than it really should have been, mostly because my bank sucks^(1), but it was still a good 2-3 hour process moving over ~95% of the accounts, with a couple outliers that took days.
Yeah, it was painful to do, but I'll still do it because authenticator-based 2FA is far superior to SMS or email-based 2FA.
^(1) My bank uses Entrust for 2FA rather than a normal TOTP authenticator. Normally this would be fine, except their "new soft key" workflow looks something like this:
1. Click the button to create a new softkey
2. Give the key a new name, which will generate a serial and activation code
3. Put the serial number and activation code into the Entrust app
4. Authenticate your current session with your ***EXISTING*** hard or soft key (remember, this is a "move 2FA" scenario, so it assumes you already have 2FA set up -- you won't see this path in a new 2FA scenario)
5. Done
Well, literally every other 2FA setup on the planet has for step 4, "Provide a token from your newly configured device to confirm it's working correctly." After trying and failing (and locking my account 2 different times) and calling support and not getting any help, I finally actually read in detail what was being asked for in step 4, provided my old key from my old phone, and everything worked. But it took 3 days to get to that point, because their UI sucked. If they had only done step 4 first, none of it would've been a problem.
Comment by Hrast at 07/05/2019 at 04:02 UTC
3 upvotes, 1 direct replies
Authy is the thing you're looking for. I factory reset my phone a couple of weeks ago. I enabled adding a new device to my Authy account, installed the app, gave it my passphrase and all my 2FA tokens were back in place. Removed my "old" phone from the device list, disabled adding new devices and I was off.