1password Lost 2fa

30-04-2021
 |  [RAND-100] - Comments



  • If you sync 1Password with Dropbox, unlink your lost device and remove 1Password as a connected app: Sign in to your account on Dropbox.com. Click your picture in the top right, and choose Settings. Scroll down to Devices, click next to your lost device, then click Unlink. Click “Connected apps”.
  • Lost 2FA If you lose access to your authentication device, you have to disable 2FA and then enable it again with your new Google Authenticator. Take the 8-digit backup codes that you stored when you enabled 2FA and follow three steps: Step 1.
  • I’ve lost/changed/upgraded my device or Google Authenticator app and don’t have my backup key. If you’ve lost your backup key and don’t have access to your 2FA code, you’ll need to proceed with a step-by-step instruction which described in our chat. I want to move my 2FA tokens to.
  • If you log on into 2FA-protected iCloud with Phone Breaker using a password, you are of course prompted for the second authentication factor as well. This could be a code send to the trusted device as a push notification, or a code generated on the device manually, or (now with the latest version) a code delivered to a trusted phone number as a.
  1. 1password Lost 2fa Code
  2. 1password 2fa Lost Phone
  3. 1password 2fa Recovery Codes
  4. 1password Lost 2fa Fortnite

This page contains troubleshooting steps for the various 2-step verification options provided by Coinbase.

1password Lost 2fa1password

Ideally, no - you should avoid using 1Password to generate OTP, or to store backup codes. This would create a single point of failure. However unlikely it may be, if someone were to gain access to your 1Password account, then it would have totally defeated the purpose of using 2FA, and they would have free reign over all your accounts.

Security Keys

ProblemSolution

My security key isn't working

  • Remove the key from the port and insert again. A light should appear on the key
  • Close and reopen your browser and then try again
  • Clear your cache and cookies from your browser and try again
  • Check to make sure your key supports WebAuthN / Fido2 standard. You can confirm with your key manufacturer
I want to update my security key to a new key
  1. Sign in to your account with your username, password, and 2-step verification code from your old number
  2. Go to your Security Settings page
  3. Select Manage next to the security key name
  4. Under your security key management window, select remove for the key you would like to remove from your account
  5. Select the 2-step verification method to replace the security key
I lost or broke my security key
  1. You will need to first complete account recovery
  2. Once account recovery is complete, your previous security key will be automatically removed and your account will default to SMS as its primary security method
  3. You'll then need to acquire and add another security key
How do I remove a security key?
  1. Go to your Security Settings page
  2. Select Manage, then select Remove (all security keys linked to your account will be removed)
  3. Set up another 2-step verification method

Authenticator

ProblemSolution
I want to move my 2-step verification codes to a new device while maintaining the old device
  1. Sign in to your account with your username, password, and 2-step verification code from your old number
  2. Go to your Security Settings page
  3. Regenerate your secret key (Note: regenerating your secret key will invalidate your old device tokens)
  4. Scan the new secret key with your new Authenticator device
I lost my Authenticator device or appContact our support team and let us know that you've lost both your Authenticator app and phone number.
My codes are not workingCheck that the clock on your device is correct and set to the correct timezone. An incorrect clock can cause codes to be out of sync.

Authy

Issue

Try these actions

I lost my Authy device or app and have a new phone number

Recover your account by selecting the 'Unable to submit a one time code?' link after providing your username and password. Note, this must be done on the Coinbase website, not the mobile application.

For security purposes you will need access to a webcam and pictures of a valid state-issued ID to complete this process. Once completed, you will receive 2-step verification codes by SMS to your verified phone number.

Note: If you do not get this prompt for a code after providing your email address and password, try logging in on an Incognito browser or clearing your cache and trying again.

New Phone Number/SMS/Text

Problem

Solution

I'm not receiving SMS codes

  1. If you're using an Authenticator app or Authy for your 2-step verification codes, you will not receive SMS to your phone. Please use the code from the app to log in
  2. Due to issues with the SMS network itself, codes may be undeliverable to some customers. To prevent this, it is recommended to use an Authenticator app for 2-step verification in your Coinbase account if possible, as they do not require internet connectivity or SMS coverage once configured
  3. Your device's SMS inbox may be full. Please try deleting some messages from your inbox and request a code again
  4. If you've tried to login several times and still have not received the codes, our system may temporarily stop sending the codes as a security measure. After 24 hours we will resume sending codes via SMS message. If you've already waited 24 hours and are still not receiving the codes, check with your phone carrier to see if they are blocking our SMS messages

I got a new phone number and still have my old number

  1. Sign in to your account with your username, password, and 2-step verification code from your old number
  2. Go to your Security Settings page
  3. Verify your new phone number
  4. Set your new phone number as the Primary number
  5. (optional) Delete your old number

I got a new phone number and no longer have my old number

  1. Sign in to your account with your username and password
  2. When prompted for a 2-step verification code, select Code not working?
    Note: If you do not get this prompt after providing your username and password, try logging in on an Incognito browser or clearing your cache and trying again.
  3. You will need to provide the old phone number associated with your account as well as a new phone number. For security reasons, you will then be prompted for:
    1. Images of the front and back of your photo ID
    2. A webcam photo of yourself, taken at the time of the prompt
  4. Once all steps have been completed and a 48-72 hour security waiting period has completed, your phone number will be updated
I got a new phone number and can't remember my old number

Try to remember your old number or find a record of it in your files. Without this number the account recovery process will take much longer.

If you cannot remember or locate your old number, contact our support team and let us know that you don't remember your phone number.

For the fastest resolution, please select Login Issue as the category and 2 Factor Authentication - SMS as the sub-category.

Landline/VOIP

It is not possible to receive 2-step verification codes delivered via voice call. We recommend using an Authenticator app instead of a landline whenever possible.

Tips for a successful Account Recovery

Troubleshooting tips for uploading and verifying your ID:

  • Photos of your ID can be uploaded. They do not have to be taken by the webcam. Try using your phone camera or a scanner to take clear pictures of the ID
  • Take the picture in a well lit area. Natural light works best
  • Try to use indirect light for your ID to avoid glare
  • If your webcam can be moved, try setting the ID flat on a tabletop and moving the camera instead of moving the ID
  • Try to have a plain background, like a white piece of paper. Holding it in your fingers can confuse the focusing lens
  • Use an up-to-date version of the Chrome browser
  • Clear your browser cache, restart the browser, and try again
  • Wait 30 minutes between attempts

Tips for your selfie:

  • Make sure light is coming from in front of you, not behind you, so your face is clearly visible
  • Face the camera directly and try to include from the shoulders to the top of your head
  • Try to have a plain wall as a background
  • Try to have indirect light and no backlight
  • Do not wear sunglasses or hats during this process
  • If you were wearing glasses in your ID photo, try wearing them in your selfie photo. If you were not wearing glasses in your ID photo, try removing them for your selfie photo

I’ve used Authy for several years to generate mytime-based one-time passwords(TOTP)for two-factor authentication(2FA). For variousreasons, I recently migrated to using Bitwardeninstead.

Google Authenticator Issues

Many services recommend using GoogleAuthenticator for 2FA. Ioriginally used it before switching to Authy, but I switched for a reason thatis still valid today: it doesn’t have any sort of backup or syncingfunctionality.

Check out thereviewsto get a sense of how often people get burned by switching to a new phone forwhatever reason and realizing they’ve lost all their codes or need to go througheach service one by one and set up 2FA again.

Google Authenticator is also a neglected app. The Androidappwas last updated on September 27, 2017, and the iOSapp was lastupdated on September 12, 2018. You could argue that these are relatively simpleapps that don’t need frequent updates, but take a look at what other apps likeandOTPand Aegis offer in terms of functionality that GoogleAuthenticator doesn’t have, like being able to search for a service instead ofhaving to scroll though the entire list to find it.

Authy Issues

While I have happily used Authy for several years, I also have some issues withit that caused me to look for a replacement.

No Browser Extension

Authy doesn’t have a browser extension forFirefox, my primary browser. This is aproblem because an extension can offer some protection againstphishing, one of the main securityweaknessesof using TOTP for 2FA. If the extension fails to find an entry that matches thecurrent domain, that can alert me to a possible phishing attempt.

The Chromeextensionalso hasn’t been updated in two and a half years and will no longer besupported goingforward.

No Web Client

Authy doesn’t have a web client. While this could be considered a securityfeature, I’d rather have the option to access my codes through any browser in anemergency. It’s a security vs. usability tradeoff that I’m willing to make.

No CLI Client

Authy doesn’t have a CLIclient. I have some ideas for personal browser automation projects that could beeasier to implement with programmatic access to my TOTP codes.

1password

Mac CPU Usage

I use the Mac desktop program, but when it has a code open, the program usessignificantly more CPU. Here’s the CPU usage when it’s just displaying the listof services.

And here’s the CPU usage when it’s showing the TOTP code.

Since I don’t want the program to unnecessarily drain my laptop battery, I tryto remember to press the back button after copying the code. There’s no optionto automatically go back on copy or to just copy the code from the list viewwithout even seeing the code.

Authentication and Recovery

When you create an Authy account, you have to provide a phone number rather thanan email address or username. I didn’t like this to begin with since I want asfew things tied to my phone number as possible, given how often phone numbersget hijacked.

Authy thenencouragesyou to add the app to your other devices and then disable the multi-devicefeature. This means that your codes will keep working on your existing devices,but to add Authy to a new device, you need access to one of your old ones totemporarily re-enable multi-device and to grant access to the new device. If youdon’t have access to an old device, you have to go through a 24 hour accountrecoveryprocess.

However, I want to be able to regain access to my 2FA codes, even if I’ve lostaccess to all my devices. For example, I could be in a foreign country withoutmy laptop and then lose my phone. I want to have a good contingency plan forthis kind of situation.

Note that Authy doesn’t support an account level password. It does support apassword for your encrypted backups, but you don’t enter that until after youlog in.

Authy also doesn’t support TOTP codes orU2F security keys forprotecting itself. Its sole authentication mechanism (beyond account recoveryprocesses) is access to an old device.

Yubico Authenticator

I considered using my YubiKeys to generate TOTP codesusing YubicoAuthenticator,but a YubiKey can only store32TOTP secrets, and I already have 49 of them since I enable TOTP-based 2FAwhenever possible.

Bitwarden

I currently use LastPass to manage my passwords,but I am going to switch to 1Password soon. I decidedto use Bitwarden as well but solely for TOTP codes. 1Password can also handleTOTP codes, but I am willingto deal with the hassle of having two password managers to avoid using the sameservice for both passwords and 2FA.

By using a password manager for TOTP, I get broad cross-platform support with aweb client, browser extensions, desktop programs, mobile apps, and even a CLIclient. I also get standard authentication mechanisms, including 2FA support.

This does mean that I am treating my TOTP codes more like secondary passwords(something Iknow)rather than as something Ihave.Authy’s requirement to have access to an old device better fits the latterprinciple. This is a deliberate choice on my part.

Note that Bitwarden requires a premium account that costs $10 a year in order togenerate TOTP codes. A premium account also adds U2F support, which I wanted aswell.

Authentication Strategy

U2F support is the last component of my authentication strategy. Going forward,it will be like this: I’ll store passwords in 1Password and TOTP secrets inBitwarden. I’ll use separate, high entropy masterpasswords that will only exist in my head.

1Password requires a secret key inconjunction with the master password in order to log in on a new device. Since Ican’t memorize it, I plan to store my secret key as a staticpasswordon my YubiKeys. This means that if I touch the metal contact for a few seconds,it will type out the secret key for me.

For both services, I’ll add all my YubiKeys for 2FA. This means that all I needis one of my YubiKeys (one of which is on my keychain) and the master passwordsin my head to regain full access to all of my accounts.

However, I can’t guarantee that I’ll be able to use my YubiKey on every device.For example, Bitwarden doesn’tsupport U2F inits mobile apps. I would also be paranoid about feeling like I need two YubiKeyswhen I travel in case I lose one.

My plan to deal with these issues is to also set up TOTP-based 2FA for both1Password and Bitwarden. I’ll print those TOTP secrets, along with the 1Passwordsecret key, on a small card and laminate it. I can make multiple copies to putin my wallet and my bag. Sometimes being overly prepared is fun in itself, eventhough it might be overkill.

1password Lost 2fa Code

Migration

To migrate to Bitwarden, I went through my Authy list one by one. In theory, I’dbe able to just copy the TOTP secret to Bitwarden, but Authy doesn’t expose thesecret.

For each account, I logged in and reset 2FA to add the secret to Bitwarden. ThenI deleted the account from Authy. Authy marks it for deletion and then waits 48hours before actually deleting it in case you made a mistake.

1password 2fa Lost Phone

I did have trouble with adding some services, such asAlgolia and npm, that onlyshow the QR code and don’t have an option to display the TOTP secret. The QRcodes encode URIs that look like this, asdocumentedin the Google Authenticator wiki:

I tried using my phone camera’s built-in QR scanner, but I couldn’t see the fullURI and opening it would open Authy, with no other option. I used GoogleLens instead to grab the secret. In retrospect, I wasonly having trouble because I was adding the services to Bitwarden through thebrowser extension. I should have installed the mobile app from the beginning andused that because it has an option to scan QR codes.

I also had trouble with adding Twitch, which has aspecific integration with Authy instead of providing a generic QR code. To getaround the issue, I followed thisguide.You can use the deprecated Authy Chromeappto retrieve the TOTP secrets and configurations. This method entails usingChrome’s developer tools to execute customcode toprint the information.

This revealed that Twitch uses 7 digit codes instead of the standard 6 and 10second intervals instead of the standard 30.

At this point, I thought I hit a Bitwarden limitation because I mistakenlyassumed that the extension would only take the TOTP secret in the authenticatorkey field.

However, I discovered that Bitwardensupportsputting the full URI with configuration into that field. I tested it and wasable to log in to Twitch using the code generated by Bitwarden.

1password 2fa Recovery Codes

Conclusion

1password Lost 2fa Fortnite

Migrating to Bitwarden took me about a full day, but I’m happy with the result.I’ve been using the Bitwarden browser extension to log in to accounts for thepast week, and it is much nicer than using the Authy desktop program. Next up ismigrating from LastPass to 1Password.