So 2FA reset via SMS is bad, which I agree but what are the alternatives to prev...

laurencei · on June 11, 2017

Most major providers like GitHub, Google etc allow you to create "recovery" codes - so you can do a one-off login without 2FA using the code.

I've started getting a recovery code for each of my major accounts, printing it out, then literally putting it in a safe.

prebrov · on June 11, 2017

I use 2FA code generator in cloud-synced 1Password. That endures all software upgrades, unlike Google Authenticator or Authy.

kgilpin · on June 12, 2017

If all this information is in 1Password then I guess you are back down to one factor - your 1Password master password. Which may be ok with you. Just pointing it out.

Shank · on June 12, 2017

If you use an Android phone that's rooted, you can use Titanium Backup to copy your Google Authenticator app data between devices. It's up to you to copy that data somewhere else, but it is a very low level alternative to storing everything in 1Password or similar.

davchana · on June 12, 2017

Even without rooting, just do that that next time when you register for 2FA, save that QR image, or screenshot it, and/or save that 16+ chars string somewhere safe, same as where you save passwords. Phone died/changed/lost? Install Google Auth, rescan that QR/Screenshot.

clebio · on June 11, 2017

TIL. Thank you.

josu · on June 12, 2017

2FA systems have a code that serves as the seed for the token. If you keep this code you can set up 2FA on a new device any time you want without having to reset it. Just be careful securing the code.

MichaelGG · on June 12, 2017

I've had this happen with Microsoft/Office365. Lost access, couldn't get the recovery email. They sent emails and made me wait a day or two before resetting things.