Cryptocurrency has never been a hotter topic until now. With Bitcoin and Ethereum hitting all time highs and Shiba Inu coins making the news for ludicrous gains during the year, it is only natural to want to join in on the action.
Most Cryptocurrency exchanges treat security extremely seriously, requiring you to set up a secondary SMS based and/or token based authentication for transactions. But ever wondered what happened if you lost access to any of those methods?
For SMS based authentication, you can restore your number even if you lose your sim card by contacting your telco.But for token based authenticators like Google Authenticator, your authentication set up is gone for good if you uninstall the app or lose your phone.
Imagine being locked out of most of your Crypto accounts, that’s horrible right? Let’s see how we can prevent that.
Google Authenticator
Google Authenticator is the go-to app for token based authentication due to its speed and simplicity, and is what most Crypto exchanges and fintech firms recommend. How it works is that these companies provide you an account linked setup key to add to Google Authenticator and require codes generated by that key to perform certain transactions.
Unfortunately with Google’s name in the app, most people would assume that the setup keys they enter in the app would be synced to their Google’s accounts.
Just looking at the App Store reviews for Google Authenticator, there are many cases of users losing their setup keys when they forget to export the keys to a new phone, or accidentally uninstalling their app.
It is a nightmare scenario for most, having to contact customer service for each account, proving your identity, and waiting a few days before regaining access.
How to secure Google Authenticator
If you are into Crypto, you know private keys and seed phrases. Google Authenticator’s setup keys work in a similar way. Here’s what to do to backup these keys.
1. Turn off your iCloud backup, Google Photos backup, or any other gallery backups to ensure your QR code is not leaked.
2. Launch Google Authenticator
3. Tap on the top right ●●● button, followed by Export accounts
4. Hit continue, select the accounts that you want to backup and tap export
5. Take a screenshot of your QR code and print it out.
Note that if you are using an Android device, you cannot take screenshots of the QR code for security reasons. Use another phone to take a picture instead. Make sure to turn off gallery backups for that phone.
6. Store your physical QR code in a secure location
7. Delete the screenshot of your QR code, including in the trash folder.
8. Turn on your gallery backups
Now that you have a physical QR code, you can simply scan it to restore the setup keys in the event you lose access to your device or the app. Whenever you add a new setup key to Google Authenticator, carry out the above steps to update your QR code.
Cloud Based Authenticators
Of course, people found this process cumbersome and came up with cloud based methods. An example is Authy. Authy works exactly like Google Authenticator, generating time based codes given a setup key.
You have to tie your account to a phone number and email, allowing only one device to have access to the app at one time. This means that you would have to reset your account via your email if you lose access to your phone or app.
This poses another problem. If a single email password is what protects all your setup keys on the app, hackers would have an easy time accessing your accounts by using the same email address to access your codes.
Sure, you can set up 2 factor authentication on your email address to protect your Authy account, to protect your authentication codes. But that essentially reduces your 2 methods of authentication, SMS or token based into 1 when you lose access to your device.
Thoughts
If you’re like me and like the flexibility of having both SMS and token based authentication, printing out your QR code would be the better option to secure your accounts. Else, cloud based authenticators like Authy and LastPass Authenticator are secure options to consider. What do you think of these options? Leave them in the comments below.
Derrick (Yip Hern) founded Tech Composition to provide valuable insights into the tech and finance world. He loves to scour the web for the best deals and embark on software projects during his free time, a typical geek, right?
test