Save your 2FA keys!

[Bryn]

Surely Bitwarden can generate passwords for you otherwise it'll be pointless just offering a vault? I'll stick to Lastpass thanks specially after reading this https://medium.com/@davis.a.brandon/bitwarden-doesnt-care-about-security-59e2ef87870a. Lastpass and Lastpass Authenticator is free whereas with Bitwarden you have to pay for TOTP.

Bitwarden can generate passwords of course. The link you provided discloses up front that the issue is resolved. I didn't switch to Bitwarden for extra security (although I'd assume it's at least as good as LastPass). I switched for the easier to use UI. It used to be a constant PITA to copy passwords, whereas it's incredibly quick and easy with the Bitwarden browser extension. Bitwarden also lets me use my fingerprint on mobile, whereas LastPass refused to. To me, that's not an acceptable balance of convenience vs. security. If my fingerprint is good enough for mobile payments it can also be used with my password manager.

Paying $10 a year is less than half the LastPass Premium cost, and more than reasonable to support quality development. I don't need any fantastic service I use to be free, as it often begs the question as to how the provider is generating revenue.

In any case, using any password manager with a YubiKey 4 makes it exceptionally unlikely that you're going to be hacked. The comfort of the nice Bitwarden UI and a USB/NFC authentication key to cement the level of security is all any consumer is likely to need.

Well, mixing browsers up with secure logins is already a problem. On that site I linked, passwordgenerator that have this in big bold writing further down

8. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) to store your passwords, since all passwords saved in Web browsers can be revealed easily.

In that article:

I can hear a tiny alarm bell going off inside my head just reading what that guy did. Yes the functionality should be rock solid but I'll tell you what, I just do not.....trust......browers.

Yeah, it's pretty dumb to use password management features in any browser. Also, there's no way of knowing if Bitwarden, LastPass, 1Password etc. are going to get hacked or not. By all indications, they seem to be extremely secure. There's only so much you can do for your online security as an ordinary consumer without greatly inconveniencing your life. Personally, I rate everyone:

- uses any mainstream password manager like Bitwarden
- has USB/NFC 2FA like a YubiKey 4 (which can be acquired cheaply by signing up for WIRED magazine)
- has any of the top performing antivirus solutions on their system
- blocks ads in their browser
- ensures their operating system is up to date
- don't use pirated software and games

Those simple steps give you a unique nightmare password for every website, make gaining unauthorised access to your vault extremely unlikely and largely eliminate your exposure to the most common vulnerabilities like user data hacks on random websites, malicious browser ads and local network malware and viruses.

 

[IOPS]

This hasn't had a reminder bump in a while, so doing just that.
Be responsible, save your 2FA keys.

 

[Wasabee!]

I wouldnt trust lastpass after they have been hacked twice leaking information in recent years.

Where are the encryption keys?

 

[w1z4rd]

If you have 2FA enabled on exchanges and you lose your phone - life is a lot easier with the account key in your posession. Once you scan the QR code and enable 2FA you don't get access to the key again so back it up (write it down) before enabling 2FA.

If you've already enabled 2FA and you don't have the keys...disable 2FA in your exchange account and log out. Log back in to make sure 2FA has been removed, only then remove that sites account from your phone and re-enable 2FA taking note of the key this time.

View attachment 462177
(Not mine, just a pic from google)

Very good advice, I thought it was something google accounts would backup and restore. I was wrong. Took a long time to fix some of the issues caused by that.

 

[The_Ogre]

This hasn't had a reminder bump in a while, so doing just that.
Be responsible, save your 2FA keys.

I did the responsible thing a d saved my 2FA Bittrex key... in a notepad file on my office PC.

This was around a year ago. After the crypto bubble I stopped trading and just left the coins on Bittrex.

In around September or October our IT Support sent out a mail for us to all move our important documents to one of our network drives as they're. rolling out Win10 as well as replacing our local hard drives. Genius that I just, I moved the contents of My Documents.

You'd think I'm making this up, trust me, I'm not.

On 28 December, yes last week, one of my kids messed with my phone which caused my phone to go into a boot loop, I thought I'll just reset to factory settings, "everything is backed up".So I did just that and selected the most frequently used apps from the play store to reinstall. The others, I thought, I'd download as I needed them as I had too many unnecessary apps on my phone anyway.

Today, I checked my bank balance and remembered that January is two months long and I need to look for all my sentjies. The last I thought of was my crypto. So I head over to Bittrex and Chrome autocompletes my details... then we got to the page requesting you to enter the 6 digits from the Authenticator app. Ah, that's easy, I thought, I downloaded it and opened it up. "Product Key", it prompted.

I remembered I saved it in a file on my desktop at work so I log on and start looking around in the folders on my desktop. Hmmm, maybe I've got the name wrong so I try again, and again only after about 5 minutes did I get a lightbulb moment.

And I was like FFFFUUUUUU!!

I'm pretty sure I should have around 500 USD on there. Eish

 

[John Tempus]

You can contact bittrex to get account unlocked for loss of 2fa. They have steps to work through it, just contact them dont just write off what you have on there.

 

[The_Ogre]

You can contact bittrex to get account unlocked for loss of 2fa. They have steps to work through it, just contact them dont just write off what you have on there.

Yeah, thanks. Going to drop them a mail.

 

[Keskky]

Good thing I saw this thread. Wrote down my login credentials on a piece of paper for future use.

 

[phly]

Not long ago - about a year or so I decided to be a millennial kid and use what kids are using these days in terms of security. 2FA was the in thing. And since I had accounts on several exchanges I went round adding them onto this simple yet apparently secure app called google authenticator.

A few months later I got the genius idea to wipe my IOS phone and just start afresh with less junk and apps I dont use. I figured I will be able to get all the apps I need from the app store. Halfway into restoring my apps I installed google authenticator expecting to see all my apps only to see it blank. My heart froze for a few seconds. I did not have much in crypto. But i had use it for services such as discord and even google - so to login it asks for a 2FA code before i can view my emails.

Luckily I had done a backup of my phone and reverted back to it with immediate effect. Not all apps got restored but luckily my authenticator app too was restored WITH all my codes. Began to despise 2FA since that day it raised both my blood pressure and glucose levels. And also realizing that if you dont have the backup key/code you are screwed whilst you reckon your account is super secure.

Lesson Learnt - Backup your 2FA Keys!

 

[saor]

BUMP!

Remember to save your 2FA keys!
Take a screenshot of the QR code & key and save somewhere safe.

Same applies to all your private wallets - keep offline copies of private keys and seed phrases etc. in a safe place.

 

[cbasvi]

Hi, I'm failing to log into my Altcointrader. The 2fa code is refusing, i uninstalled the google authenticator and download again and from there i can't log in using the code from new authenticator. Any idea what i must do

 

[saor]

Hi, I'm failing to log into my Altcointrader. The 2fa code is refusing, i uninstalled the google authenticator and download again and from there i can't log in using the code from new authenticator. Any idea what i must do

If the code is refusing you probably need to contact their tech support and request a lost 2FA / 2FA reset. And change your password too. Weird that your 2FA no longer works.

 

[cbasvi]

If the code is refusing you probably need to contact their tech support and request a lost 2FA / 2FA reset. And change your password too. Weird that your 2FA no longer works.

Yea, because i set it up with the Correct key But whenever i want to put on altcointrader it kept on asking tge code. Maybe i missed out something on setting up the google authenticator, not sure

 

[Speedster]

And use authy instead of Google authenticator in the future

 

[cbasvi]

Google Authenticator doesn't store anything outside of the app on your phone, so when you add a 2FA setup, you have to back up the code elsewhere. An alternative software is Authy which allows you to create an Authy account and store your 2FA setups against that email address which means you don't have to back everything up - you just reinstall the app or install it on another device and log in to your Authy account and your 2FA logins are available.

Right now you have to get hold of Altcointrader. Let us know how that goes. Hopefully they aren't horribly slow to respond.

Hey i have been in contact with them since morning, i asked them to remove the 2FA setup and i send them my ID and written note "Altcointrader 11/09/2020 Removal" but they have been refusing my documents. And i guess now they alrrady knocked off and i want to access my altcoin account.

 

[saor]

Hey i have been in contact with them since morning, i asked them to remove the 2FA setup and i send them my ID and written note "Altcointrader 11/09/2020 Removal" but they have been refusing my documents. And i guess now they alrrady knocked off and i want to access my altcoin account.

If you haven't saved the key there's no other way in.

 

[cbasvi]

BUMP!

Remember to save your 2FA keys!
Take a screenshot of the QR code & key and save somewhere safe.

Same applies to all your private wallets - keep offline copies of private keys and seed phrases etc. in a safe place.
[/QUOTE
I got those keys from my google, where exactly must i put them? Because when i downloaded another Google authenticator i didn't see where i must put those keelys

 

[cbasvi]

If you haven't saved the key there's no other way in.

Where must i put that key

 

[saor]

Where must i put that key

In Authenticator hit the + key to add a new code then select Enter a setup key. But this assumes you lost your key, which you don't seem to have. So your 2FA seems messed up on altcointraders side.

 

[cbasvi]

And account name is my gmail account, right?