Two factor authentication (2FA) is generally a great security tool. But if you have it enabled on your Apple or Google accounts, this could really come back to bite you in the worst way. Here’s what you need to know.
What is Two Factor Authentication?
Put simply, 2FA gives you additional security for an account over just using your password. The two factors that the name refers to are generally identified as something you know and something you have. The something you know is your password or passcode. The something you have is a physical thing you own. While that can be something like a smart card or USB key, for most people it’s their smart phone.
Generally, 2FA works as follows. When you sign into a site or app, it asks for your password. After you enter a password, you’re asked to enter a code that shows up on your phone. That code might come from an app like Google Authenticator or Authy, or it might come from a text message that the service sends you.
That second layer of security is what makes using 2FA a really good idea. For the most part, additional layers of security are a good thing. Of course, there’s a cloud for every silver lining and, in the case of 2FA, that cloud comes in the form of what happens if you lose your phone. More specifically, what happens if you lose the phone you use for 2FA and then you can’t sign in to the very tools you might use to find your phone because…you know…you don’t have your phone.
When is Two Factor Authentication a Problem?
Here’s the scenario: you have one phone and it gets stolen or lost. Regardless of whether it’s an Android phone or iPhone, you can use the available tracking tools to attempt to locate your lost or stolen phone.
But if it has been turned off, these services won’t be able to locate it. In a panic, you realize that you’ll need to remotely wipe the device. Then it happens: a request for the 2FA code that was sent to your phone. You know, the one you no longer have.
At this point, you’re in trouble. You have no way to input the code, because you can’t get the code. Ergo, you have no way to wipe your device. Just the thought of my private data being out there—even on an encrypted phone with a secured lock screen—is gut churning.
And of course, there’s also the fact that you can no longer use the device to authorize your sign in to other apps and sites.
That’s why it’s important that you take some steps to prevent this situation from ever happening in the first place. Don’t wait until it’s too late.
What You Can Do to Protect Your Accounts Right Now
If you want to make sure you never end up in this situation (and really, you should), there are ways to be ready in case this ever happens. Here’s how to do it for both Google and Apple accounts.
For Google Accounts: Save Your Backup Codes
When you set up 2FA on your Google account, it gives you an option to print off backup codes. Do it. If anything happens to your phone and you need to get into your Google account, these codes will be your lifeline.
If you already have 2FA set up on your Google account (which is very likely), you can do this after the fact. First, sign in to your Google Account, and then choose “Signing in to Google” under the Sign in & Security column.
On the next page, click the “2-Step Verification” option. It should re-prompt for your password here.
Scroll to the bottom and find the “Backup Codes” section. Click the “Show Codes” link, and then download and/or print them—just make sure you keep them in a safe place. Seriously, these are important to have on-hand, but you also don’t want to lose them or have the wrong people find them.
If you ever get in a situation where you need to get into your account and you don’t have access to your main 2FA device, you can use those backup codes.
When you sign in and Google requests your code, click the “Having Trouble” link instead.
From there, choose the “Enter One of Your 8-Digit Backup Codes” option.
Enter one of the backup codes, and you’ll be logged in.
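For readers who run a service rather than just use one, here is what the server side of the backup-code sign-in above can look like, as an added example (not Google's implementation and not part of the original article). The batch size of 10, the single-use rule, and the PBKDF2 parameters are assumptions of this example; only the 8-digit length comes from the text.

```python
import hashlib
import hmac
import secrets
import string

CODE_DIGITS = 8          # the 8-digit backup codes mentioned above
CODES_PER_BATCH = 10     # assumption: batch size chosen for this example
PBKDF2_ROUNDS = 100_000  # assumption: work factor for the stored hashes


def _digest(code: str, salt: bytes) -> bytes:
    # Salted, slow hash: a leaked table does not hand over usable codes.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)


def normalize(code: str) -> str:
    # People type printed codes with spaces or dashes; keep ASCII digits only.
    return "".join(ch for ch in code if ch in string.digits)


def issue_backup_codes():
    """Return (codes shown to the user once, record kept server-side)."""
    salt = secrets.token_bytes(16)
    codes = set()
    while len(codes) < CODES_PER_BATCH:  # regenerate on the rare duplicate
        codes.add(f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}")
    record = {"salt": salt, "unused": {_digest(c, salt) for c in codes}}
    return sorted(codes), record


def redeem(record, submitted: str) -> bool:
    """Accept a backup code at most once; reject malformed or reused codes."""
    code = normalize(submitted)
    if len(code) != CODE_DIGITS:
        return False
    candidate = _digest(code, record["salt"])
    match = None
    for stored in record["unused"]:
        if hmac.compare_digest(stored, candidate):  # constant-time compare
            match = stored
    if match is None:
        return False
    record["unused"].discard(match)  # burn the code so it cannot be replayed
    return True
```

Because 8 digits is a small search space, a real deployment would also rate-limit failed attempts per account; that part is outside this example.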
For Apple Accounts: Add a Second Phone Number
Apple doesn’t offer backup codes for your account, so the best thing you can do here is add a second phone number to your account—a work phone, spouse’s phone, sibling’s phone…just make it someone you trust and whose phone you can access in a pinch.
To set it up, go ahead and log in to your Apple account—if you already have 2FA enabled, you’ll need to verify here. That’s why it’s so important to make sure you have a backup system in place.
From there, click the “Edit” button beside Trusted Phone Numbers under the Security section.
Click the “Add a Trusted Phone Number” link.
Type the number, choose your method of verification (text message or phone call), and then click the “Continue” button.
Apple will send a code to that device. Once you get the code, type it into the site to add the new number. Done.
Should you ever find yourself in a situation where you need to use this second phone number, you’ll need to click the “Didn’t Get A Verification Code” link, and then select the “Use Phone Number” option.
It will show the last two digits of each phone number here—just choose the one where you need the code sent.
Done and done.
Being locked out of your account during a crucial time like having a missing phone is gut wrenching. By taking a few minutes to save your backup codes or add a second phone number, you can save yourself a lot of frustration and heartache.