1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Changing mobile phone, 2FA, and authenticator apps

Discussion in 'Mobile Phones & Tablets' started by Quartz, 11 Aug 2018.

  1. Quartz

    Capodecina

    Joined: 1 Apr 2014

    Posts: 11,717

    Location: Aberdeen

    At some point I'm going to be changing my mobile phone. I currently use a Lumia 950. Now, I use my phone for 2FA, some via SMS but some - like OCUK - via the authenticator app. As long as I keep my phone number, the SMS authentication will be fine, but I'm worried about the authenticator app issue. Suppose I have the perfect storm of replacing my phone when OCUK demands re-authentication?

    I'm probably worrying over nothing, but I'd like to be sure.
     
  2. bremen1874

    Capodecina

    Joined: 20 Oct 2008

    Posts: 11,458

    Make sure you have a record of the backup codes. Or change it to email (or off) instead.
     
  3. Scam

    Capodecina

    Joined: 20 Oct 2002

    Posts: 13,843

    Location: London

    Just make sure you have an overlap with both phones available? Then go through all websites, login with your old phone’s 2FA and find the security page to reset it or relink a new device. Then scan the barcode on your new phone :confused: Shouldn’t be too difficult.

    I’ll be doing this shortly, I have 12 codes on my personal phone and 4 others on my work phone :o
     
  4. Quartz

    Capodecina

    Joined: 1 Apr 2014

    Posts: 11,717

    Location: Aberdeen

    If my phone breaks, that may not be possible.

    Hmm... I use the Microsoft Authenticator. Are the sites stored against my Microsoft account?
     
  5. Scam

    Capodecina

    Joined: 20 Oct 2002

    Posts: 13,843

    Location: London

    Then you have the choice of turning off 2FA on your accounts until you get your new phone, or risking the wait :)

    The codes are nothing to do with your MS account. You have to login to every single site's security section and find the area where they deal with 2FA. E.g. on this site you can login to this page to manage your settings: https://forums.overclockers.co.uk/account/two-step
    You could either turn off 2FA for the time being, print out your backup codes (this would be a good idea anyway) or link your new phone.

    On Amazon you can go to Your Account › Login & security › Advanced Security Settings for another example.
     
  6. Quartz

    Capodecina

    Joined: 1 Apr 2014

    Posts: 11,717

    Location: Aberdeen

    I already have sets of backup codes.
     
  7. Broken Hope

    Sgarrista

    Joined: 16 Jan 2003

    Posts: 8,790

    Location: Nottingham

    Microsoft Authenticator supports cloud backup on iOS, not sure about Android, I use 1Password personally as it saves my 2FA in the cloud.
     
  8. kindai

    Soldato

    Joined: 9 Aug 2013

    Posts: 6,775

    Location: Bromsgrove

    Lastpass authenticator allows of easy transfer from one phone to another.

    Not sure what moron at google decided it was a good idea to make it so the google authenticator could no longer transfer...
     
  9. AKAK

    Gangster

    Joined: 29 Jan 2018

    Posts: 315

    There are instructions somewhere on transferring but I couldn't make much sense of them so just deactivated then turned it back on for accounts I actively use.
     
  10. Scam

    Capodecina

    Joined: 20 Oct 2002

    Posts: 13,843

    Location: London

    Well the issue is that as soon as you put your codes in the cloud they are susceptible to interception and hacking. It's more secure to not do that...
     
  11. kindai

    Soldato

    Joined: 9 Aug 2013

    Posts: 6,775

    Location: Bromsgrove

    I'd be more worried about hacking my phone if I lost it than the security of lastpass.
     
  12. Scam

    Capodecina

    Joined: 20 Oct 2002

    Posts: 13,843

    Location: London

    Well, at least you'd know if your phone was stolen. Lastpass has been hacked on more than a couple of occasions and is a very big target due to the fact it is one big storage of millions of passwords...