We are huge fans of authenticator apps to do multi-factor authentication (MFA)! They’re safer than other MFA methods, like using a one-time code texted to your phone number, and we think they make MFA easier for everyone.
Nowadays, you should have MFA turned on for every account. According to Microsoft, MFA makes an account 99% less likely to be hacked than just securing it with a password.
Common authenticator apps include Duo, Google Authenticator, and Microsoft Authenticator. When you log into an account connected to these apps, the authenticator app generates a one-time code that changes every few moments. You must access the authenticator app on your device and use the code to log in to the account you want to access.
Sometimes, the authenticator app itself communicates with the service by having you select a code displayed on your login screen that matches one of a few options that pop up in the authenticator app, or it will ask you to use your biometrics to verify a login request. No code entry required!
These apps are a convenient way to bolster your security, but what happens if you get a new phone? Do you lose access to your accounts if your phone is lost, stolen, or destroyed?
It can be a little complicated, but a lost phone doesn’t mean you need to lose hope.
How stand-alone authenticator apps work
As the name suggests, multi-factor authentication requires more than one “factor” to log into an account. These factors can include:
- Something you know, like a password
- Something you have, like a phone or USB key
- Something you are, like your fingerprint or facial scan
When you log into an account, you use your password (something you know) plus an authenticator app on your phone as the second factor to log in. The code can only be produced by your phone (something you have). Hence, it is MFA-protected.
High-quality stand-alone MFA apps are great because they operate independently of other services, enhancing security by not relying on SMS texts, which can be intercepted. During setup, users can scan a QR code provided by the service they wish to secure, linking the app to their account. Good MFA apps are encrypted, available offline, updated regularly, and usually free.
One aspect that makes them secure is that they are bound to your device, which presents difficulties if you no longer have that device. It’s important to note that in some situations, like if you had no recovery plan in place and your phone was stolen, you might not be able to restore your app, depending on the app. In this case, contact the app’s customer service and the platforms you wish to log into. When you set up an authenticator app, it is a good idea to save recovery codes to your password vault or other secured space in case you lose access to the authenticator app.
How can you lose access to an authenticator app
You can lose access to your authenticator app in several ways:
- You have a new device.
- Your device was lost or stolen.
- Your device was destroyed, like in a fire.
- You deleted the app.
Prepare for the worst-case scenario
Restoring your authenticator apps on a different phone is a lot easier with a little preparation.
In the app, you might have the option to back up account credentials in the cloud. Look at the authenticator app’s settings about backup options. Some accounts have a MFA reset option that uses backup MFA codes, emails, or stronger authentication to reset the MFA. The account service should mention this during setup.
When you set them up for recovery, these apps will provide you with a recovery code, phrase, password, or QR code. PRINT THIS OUT! You can also store it securely on a device, like as a note within a password manager.
Furthermore, sometimes, an authenticator app allows you to set up multiple devices for one account that you can use to get access.
If you haven’t set up a recovery method and still have your device, do it now!
If you are setting up a new device and still have your old one, you can typically transfer your authenticator app account over using a QR code or other restoration method.
What to do if you lose authenticator app access
You have limited options if you lose your phone and never set up recovery options. If you had the authenticator app on multiple devices, you might be able to use this other device as your second factor.
If you have your device but lost access because of a hard reset or deleted the authenticator app, you might be able to restore access through a backup.
If none of these options work, contact the app’s customer service and the customer service for the platform you want to log into.
Remember, work to remotely wipe the data off a lost, destroyed, or stolen device as soon as possible.
What about passkeys?
We love passkeys and we think they are the way of the future. They are like the evolution of MFA. Instead of using a password to log in, you can use a device like your phone. Apple, Amazon, and Google all have passkey options now.
What if you lose all the devices that worked as passkeys, like if all your tech was destroyed when your house was flooded? While different companies have different options, there is often a way to restore “keychain” with your account log-in credentials, a phone number registered in your name, and a device password. Generally, you will have a limited number of attempts to log in before access is revoked forever.
Thanks to Stay Safe Online for this information:
https://staysafeonline.org/resources/how-to-restore-an-mfa-authenticator-app/