Changing mobile phone, 2FA, and authenticator apps

Soldato
Joined
1 Apr 2014
Posts
19,180
Location
Aberdeen
At some point I'm going to be changing my mobile phone. I currently use a Lumia 950. Now, I use my phone for 2FA, some via SMS but some - like OCUK - via the authenticator app. As long as I keep my phone number, the SMS authentication will be fine, but I'm worried about the authenticator app issue. Suppose I have the perfect storm of replacing my phone when OCUK demands re-authentication?

I'm probably worrying over nothing, but I'd like to be sure.
 
Just make sure you have an overlap with both phones available? Then go through all websites, login with your old phone’s 2FA and find the security page to reset it or relink a new device. Then scan the barcode on your new phone :confused: Shouldn’t be too difficult.

I’ll be doing this shortly, I have 12 codes on my personal phone and 4 others on my work phone :o
 
If my phone breaks, that may not be possible.
Then you have the choice of turning off 2FA on your accounts until you get your new phone, or risking the wait :)

Hmm... I use the Microsoft Authenticator. Are the sites stored against my Microsoft account?
The codes are nothing to do with your MS account. You have to login to every single site's security section and find the area where they deal with 2FA. E.g. on this site you can login to this page to manage your settings: https://forums.overclockers.co.uk/account/two-step
You could either turn off 2FA for the time being, print out your backup codes (this would be a good idea anyway) or link your new phone.

On Amazon you can go to Your Account › Login & security › Advanced Security Settings for another example.
 
Lastpass authenticator allows of easy transfer from one phone to another.

Not sure what moron at google decided it was a good idea to make it so the google authenticator could no longer transfer...
 
There are instructions somewhere on transferring but I couldn't make much sense of them so just deactivated then turned it back on for accounts I actively use.
 
Lastpass authenticator allows of easy transfer from one phone to another.

Not sure what moron at google decided it was a good idea to make it so the google authenticator could no longer transfer...
Well the issue is that as soon as you put your codes in the cloud they are susceptible to interception and hacking. It's more secure to not do that...
 
I'd be more worried about hacking my phone if I lost it than the security of lastpass.
Well, at least you'd know if your phone was stolen. Lastpass has been hacked on more than a couple of occasions and is a very big target due to the fact it is one big storage of millions of passwords...
 
Back
Top Bottom