GeekNights Monday - Passwords

I generally have 9-12 of them. Yes they’re one time use but if I can fix whatever fucked up with my 2fa in 9 logins, that’s legit on me.

I wish the Google Auth app had a way to securely transfer/copy itself to another device. Then I could just have a device stashed somewhere to fall back on if something happens to my phone.

2 Likes

My solution is, when I had to re-setup Google 2FA after a phone migration, I set up two different devices with the same Authenticator QR code. I can use either one. Technically that weakens the 2FA since there are two devices, but it makes using 2FA and recovery easier. It does make future migration more complicated, because I’d again want to update both.

3 Likes

… That’s actually brilliant.

1 Like

I have exactly one account that lets me manage active 2FA tokens, which is probably the right way to do it.

1 Like

Good advice.

SMS is probably worse than no 2FA at this point. The fact that so many services use it as a default recovery mechanism irks me to no end.

I like Discord and their “oh, you lost your backup codes. That’s a shame. You are welcome to make a new account” policy.