item 35692016
allday | 2 years ago

Our onboarding docs specifically tell employees to NOT use Google Authenticator precisely because of this issue. I have no idea how Google let this fester for so long, literally if even one (1) person over there was using it and got a new phone, they should have known about the issue.

apocalyptic0n3 | 2 years ago

Yeah, same with my company. "DO NOT USE GOOGLE AUTHENTICATOR" is littered throughout our Intranet and onboarding docs in bold letters with recommendations for different options. And people still use it and lose their codes all the time.

Now it's tied to the Google Account which means it'll be tied to either their personal or work account and now we have to worry about personal account bans removing their 2FA or when they leave the company, our suspension process killing personal 2FA that were synced via the wrong account.

davchana | 2 years ago

The best and safe way is to save the QR codes and/or strings to a separate password database (I use KeePass).

nanidin | 2 years ago

The app has supported bulk QR code export and import for years. This makes it easy to transfer to a new phone, and relatively easy to make physical backups.

hirsin | 2 years ago

Which only worked if you had both phones working at the same time... I'd bet a sizable portion of new phone enablements are due to losing the previous phone irrevocably.

ClassyJacket | 2 years ago

Nope, you can't screenshot the page, so you can't save the code and can't send it to another phone. This means you can never trade in a phone for a new one and if your phone is lost or stolen you're locked out of all your accounts forever.

They actively added code to prevent you taking screenshots, which is insane but true.

WheatMillington | 2 years ago

What if I drop my phone into the lake and need a new phone?

unethical_ban | 2 years ago

Interesting - but not good enough. For the threat model TOTP solves, it is not absurd to want Authy-like functionality where codes can be backed up, encrypted, to a cloud service OR like Authone (?) which allows you to export the data to a file.

bobbylarrybobby | 2 years ago

Right, just like I can carry a thumb drive around with my files and manually sync between every computer I use. Or just use Dropbox...