What if I lose my phone with Google Authenticator on it ...

How to Disable Google Authenticator in Binance if your phone is lost?

How to Disable Google Authenticator in Binance if your phone is lost? submitted by deepakmba02 to BinanceExchange [link] [comments]

formatted phone, lost access to Google Authenticator, no longer can access binance

I’m really hoping someone can help. I formatted my phone and now have lost access to my Google Authenticator and in return lost access to my account. I’ve submit ticket to binance but with no solution because i do not remember BNB deposit address & amount of BNB & estimated BTC.. Has this happened to anyone else? Has and will binance come thru? I feel totally lost as I sit here and watch my money locked up.
submitted by stan0ne to binance [link] [comments]

Google Authenticator recovery key lost but I can still login on Binance

Dear all,
I have lost my google Authenticator recovery key. Do you know how to get another copy? I'm not having any problem logging in with 2FA at the moment, but I'm just backing up all my stuff and recovery keys for other exchanges and realize that i have not made a copy of the one for Binance. Do i need to disable 2FA and just create a new one?
Thanks in advance
submitted by sniappo to BinanceExchange [link] [comments]

Lost access to google authenticator and as a result, also to binance

I had trouble with google support so i thought I'd ask here. I uninstalled google authenticator thinking i could reinstall it and log in using my phone number or google account. It seems that is not the case. I used google authenticator for my binance account which, without the authenticator, i no longer have access to. How can i recover my GA account? Thanks in advance!
submitted by swellfellow33 to CryptoCurrency [link] [comments]

Lost my Google Authenticator code for Binance

I accidentally deleted my google authenticator code for Binance and I didn't back it up or write it down! I know i'm stupid and I didn't realise at the time! How do I access my account now or remove the Google authenticator 2 step requirement from my account?
submitted by simondo1 to binance [link] [comments]

Lost Phone but Binance Submit Google Authenticator Reset Ticket Page is Broken

What do I do??? I'm hoping I can get help here but Binance's own website sends me to a broken down website page when I try to click the link to send in 3 identification documents? No idea what I can do
submitted by alecinct123 to binance [link] [comments]

The events of a SIM swap attack (and defense tips)

Posted this on Coinbase and someone recommend it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove
with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CryptoCurrency [link] [comments]

The events of a SIM swap attack directed at Coinbase (and defense tips)

The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CoinBase [link] [comments]

Binance is keeping my money and doesn't solve my multiple tickets! 1 year of submitting tickets not solved yet !!

I opened 1 Binance account during the 2017 bull run with a little money then lost the google authenticate so I was trying to get that solved through support tickets but it was taking so long since their support was slammed at the time so I opened a second account to be able to continue trading.
at some point, the google authenticator was reset on the first account so now I had 2 accounts, all good it seemed.
sometime in early 2019 I decided I wanted to sell out of all the junk on my account and liquidate to BTC and ETH and move it all to coinbase for safety reasons, when trying to do this Binance thought it was probably someone hacking the accounts and stealing the funds because I guess if someone stole an account that would be the move they would do, so they froze the two accounts and asked me to verify my identity, fair enough so I did, but here comes the problem. you can only own 1 Binance account per identity, so I was able to verify one but the second one doesn't ever get accepted even if I use a different proof of ID, for example, passport instead of ID card. I keep submitting tickets at first they asked me impossible questions like whats your IP address when you opened the account but I changed internet providers since then so have no idea, also it might have been in a free wifi zone of a restaurant really not sure where I opened it was like 2-3 years back. And other questions like what day did you open it... who would possibly know that for something 2-3 years back. At this point, they don't even answer the tickets! they just go unanswered
I don't know what to do when I opened the account I invested around 20,000$ I think, now its only worth around 4,000$ but they will not give it back. this has been going on for a year and it feels like they stole the funds from me!
this is my help ticket on Binance: 2406883
if someone from Binance is looking at this, can you please send my funds back to me I just want control on my funds, at this point, I have been submitting tickets for a year!!!! just please give me back my crypto!
submitted by dmaster1 to binance [link] [comments]

Scammed out of my XRP (Support)

Is there any support from Binance that can track down a wallet address and see where the XRP is? I know crypto is wild and full of scams but I am just curious. Was recently scammed out of 51k XRP.
submitted by mikedipalermo to binance [link] [comments]

How to get back my 2FA account when I have backup codes ?

So I don't have access to my old phone, but I have my google backup code. When scanning the QR code from google authenticator I only get my google account in google Authenticator. Now I have the backup codes from my google account, which I assumed would allow me to recover my cryptocurrencies 2FA accounts, but I don't see anywhere where I can input those codes.
Last time I lost my phone I had to ask binance etc with pictures to get my 2FA reset. I hope I don't have to do that again!? If so how can I prevent this beside not losing my phone ?
submitted by k0ntrol to CryptoCurrency [link] [comments]

How was $24 million in bitcoin stolen from someone using Google Authenticator

https://www.wsj.com/articles/he-thought-his-phone-was-secure-then-he-lost-24-million-to-hackers-11573221600
Per the above story (open in incognito mode to avoid paywall), Terpin was using Google Authenticator:
"Mr. Terpin believes employees at an AT&T authorized dealer handed hackers control of his phone number, and those hackers found a way into his digital wallets by breaking into accounts of his that couldn’t be protected by Authenticator.
“On a scale of 1 to 10, I’d say my security protections were a 9.8 or higher,” he said. “But these hackers, all they do is they sit around in a basement and figure out ways of hacking people.”"
The first lesson is to not leave $24 million in hot storage, but if you're in the process of buying or selling bitcoin for fiat online you will eventually be somewhat vulnerable. So I'm wondering, how would a hacker get into say a Binance or Coinbase account of someone who has Google Authenticator enabled (which both support)? The only way I can think is that the hacker would impersonate Terpin and contact Binance/Coinbase and say they lost their phone and need to recover the account. I believe this method takes several days at least during which Terpin would know his phone was stolen and he'd be able to at least call Binance/Coinbase and tell them to freeze his account. Is something not adding up?
submitted by chucknorrisjunior to Bitcoin [link] [comments]

$50,000 Still Locked On Binance, Will Never Gain Access

Hello, to give some backstory to how I was initially hacked here is a post I made that somehow ended up being top post on this sub: https://www.reddit.com/CryptoCurrency/comments/8pyha5/my_binance_account_with_50k_has_been_hacked/
Since this happened I have had a very long month of speaking with Microsoft support everyday to try and retrieve my hacked email and they finally came to a conclusion. They told me to submit X information and I did, after waiting a month for a response they have said they fully acknowledge I am the account owner but with any Hotmail account that has had fraudulent activity on it what they do is indefinitely suspend the account and cannot give me access back to it. In turn I have lost a lot more then this Binance account, but almost my whole career unfortunately. But sticking to the topic of Binance they will not allow me to regain access unless I send the support ticket through the email associated with the account which is literally impossible as it has been suspended forever and no one can access it. I have the phone number, the google authenticator, the 2 step verification photos on the account are me, and prior to being locked out of the account I was instructed by a member of the Binance team named Jager to submit a photo of myself with my passport and a note that says "Please change my email to Be*****@gmail.com" which I did. So I have undeniable proof that I am the owner of this Binance account but they need the ticket to be submitted from the email associated with the account and Microsoft will not give anyone access to the email and has suspended it forever making this impossible. I am in the process of suing my phone provider Rogers which caused this whole problem in the first place and they have claimed full responsibility for what has happened. We are moving forward with the case very soon, so at least there is still some hope.
What to take from this: Don't use Hotmail
submitted by BeanThe5th to CryptoCurrency [link] [comments]

PSA - Write down the backup codes for your 2FA authenticators NOW

Hey guys - So the inevitable actually happened. Broke my phone and now I've lost access to all my crypto because I was stupid enough to not write down the backup codes for all my 2FAs in Google Authenticator.
Now I'm jumping through hoops to try to gain access to Binance again. Answering questions, validating ID, sending photo proof, doing facial recognition... seriously, really not worth the hassle when I should have just wrote down my 2FA backup codes.
Just wanted to share my experience and a valuable life lesson.
submitted by opheliawnik to CryptoCurrency [link] [comments]

A big heads up to all of you, Google Authenticator DOES NOT SAVE your info account wide, if you don't have your keys or you lose/break your device you are screwed.

Recently my phone bootlogged itself (nexus 5x). I had the majority of my backup keys saved for sites I used Google Authenticator on. For some reason I didn't save a couple because I figured it saved account wide, and they had little to no money/value to me so didn't mind. Well I found out the hard way that it doesn't save account wide. I was able to get back access to my phone by using the oven trick on my mb so that my phone would work for a couple minutes and used the authenticator to log in and shut off f2a on sites I didn't have the backup keys for. Only $160ish eth was at risk here for me. But after talking to other people I've found many people are under the same (stupid) notion I was that the Google Authenticator app saved account wide like many of the google apps do.
For some sites like coinbase and coss they have no issues turning off your f2a if you provide the correct documentation, but there are some sites out there that won't. Be careful with your money and always have backups. This is why the best solution is still desktop/hardware wallets imo, but even with those you still need to be careful and keep backups of everything.
Sorry for the rant, but if this helps one person I'll be happy.
TL;DR Google Authenticator and many authenticator apps don't save account wide, if you lose your device or your backup keys you can be SCREWED.
Edit: My original post wasn't clear. To clarify Google does NOT save your third party authentication information on it's cloud it is only saved on the device you took that QR picture of. If your phone is lost this info is lost unless you saved a master key from when you signed up for that third party 2fa. The emergency keys google gives are for google services ONLY. They will not work on getting past the 2fa on binance for instance. SAVE YOUR MASTER KEYS!
double edit: My first gold in 6 years of reddit, thanks whoever gave it! Tbh I was honestly scared of posting this and thought I'd get laughed at or downvoted. Glad it's helping some people out.
submitted by Sublime-Silence to CryptoCurrency [link] [comments]

PSA: Back up your Google 2FA Codes!

Just imagine this very possible scenario. You've invested in a coin, and it's went up 1,000%, you're all excited. Then when you go home to unload your bags and rake in that profit, you realize you left your phone behind and have lost it. You can no longer enter your exchange account. You then email your exchange, but it's futile, as it'll take a minimum of WEEKS before you hear anything. Your coin that went from making 1,000% profit, has just massively dumped, and you're now at a loss. How does that feel, knowing you could've made bank, but instead you forgot to back up your 2FA codes.
This is just a heads up guide to those who may not be aware that your 2FA codes matter a ton, especially for most exchanges that could very well take months to get back to you (Bittrex, Coinbase, Binance) on resetting your 2FA code if you should ever lose your phone.
Most people will often OVERLOOK the 2FA setup text code that is shown to you when initially setting up your 2FA. They see the barcode and they immediately go to scan it and proceed. When you lose your phone, that 2FA code (in text format, or the barcode itself) will be used to recover your 2FA authentication into your account. You should ALWAYS back up the code or take a screenshot of the barcode and save it somewhere safe, such as an external storage device, like an offline USB, that you could enable Bitlocker on and encrypt, or write the codes down on paper. If anyone gets ahold of your 2FA codes and your login information, your account is as good as gone.
Another alternative would be to set up 2FA on a secondary phone as well. It's not uncommon for people to have more than 1 phone, such as myself. I have a secondary backup phone, that I can use as a secondary 2FA device (that never leaves home and stays offline) if I should ever lose my primary. You can actually just enter the same text code/Barcode into your secondary phone and it would still work just like normal. It can scale to unlimited number of phones. Just make sure you keep secondary/tertiary phones physically secure.
Google Authenticator
Authy
submitted by BestServerNA to CryptoCurrency [link] [comments]

Binance Google 2FA Lost

In Binance I have lost Google authentication and still have my 16 character code. i set it up in Google Authenticator but I get an invalid response when I enter the 6 digits. I have tried to follow the binance support article as I suspect the Google 2FA is not enabled. I can not get to the ACCOUNT CENTER. Any help?
submitted by pswcycles to binance [link] [comments]

TIFU by losing over $10,000 from letting an old lady call her grand kids on my cell phone

So this actually happened yesterday. I’m feeling all sorts of different feelings right now. I have google authenticator installed on my phone. For those who don’t know, google authenticator is an app that's connected to your smartphone and make logging in more secure because you have to type in the exact code that’s sent to your phone. When signing up for google authenticator you also get a backup code in case you lose your phone or get a new phone and want to continue using the same Google Authenticator account. My lifestyle is very connected with my online content so I connected lots of apps to my google Authenticator or to my phone number to authenticate. My first fuck up is when I saved my back up code as a screenshot in my phone’s files. I really didn’t it was a big deal because I never lose my phone and I always had access to it. I also connected a lot of accounts to Google Authenticator such as my email, my YouTube account and my binance cryptocurrency wallet. Yesterday I was at the bus stop heading to get some lunch. I was using my phone and an older lady with wrinkled shaky hands asked to borrow my phone so she can call her grand kids. I was relatively fit, I’m young, I’m athletic so I was pretty confident this lady can’t outrun me if she decided to run with my phone. I asked her for the number she was calling, I type it in and handed my phone over to her so she can talk with her grandkids. I proceeded to step back but not too far away. Less than a minute later the lady handed the phone back to me and said that my phone wasn’t working. The screen had red and black Chinese characters on it. I was very confused because it was working just fine just before I handed my phone to her and it was apparently factory reset. Apparently my phone (the Chinese One Plus 3) had a security feature in it that I didn’t know about that will factory reset the entire phone if too many attempts at the fingerprint sensor is made. So I had to go through the entire phone rest process again, had to hunt down Wi-Fi so I can reinstall all my apps from my google play account. I checked my contacts and only my contacts saved on my sim card were still there. All my photos have been gone except for the photos I’ve taken because thank the lord for google drive. I lost a lot of files but it was okay, if I lost it then I lost it. The fuck up hit me when I tried to access my Gmail account because I set it to ask for my personal Google Authenticator code whenever I logged in, I opened my Google Authenticator app and it had been reset too. I scoured all my files, plugged in my phone to the computer and did everything I could but the backup code screenshot had been deleted along with other files on my phone. I was still like oh well no problem I have another email I could use and I can always make another YouTube account. I’ve been casually involved with Cryptocurrency for the past year and a half and put in a few hundred here and there. I’ve had some highs and lows with cryptocurrency but the last I checked I had roughly $12,000 dollars in holdings on my crypto wallet. Because my crypto wallet is so important I set it so I would need to provide my Google Authenticator code every time I logged in but I don’t have access to my Google Authenticator anymore … so effectively I’m cut off from accessing my crypto holdings that I worked so hard to build up for.
TL;DR I let a sweet old lady use my phone at the bus stop, triggered the fingerprint sensors too many times and factory reset my phone and my ability to access my cryptocurrency account.
Edit: just want everyone to know im in the process of removing my google authenticator from binance. Process will take a week or so but i should have my moola back. It's been a wild ride.
submitted by Tac0s9 to tifu [link] [comments]

Trouble accessing account with Two-Factor reset

So I recently had to switch phones and move at the same time, and I lost my backups for my google authenticator (I know, eternal shame upon me). I was able remove my binance 2FA, or at least past the tests that confirm it's me and send me a link to do so. As part of this process the website wants me to sign in via the binance app and scan a QR code...but to do that I need to sign in to the app and put in my google 2FA code, for which this entire process was to remove/reset! Has anyone had problem with this? I dont have a webcam so I cant do the facial recognition option unless I buy one, is that my only option?
submitted by Sundermane to binance [link] [comments]

Lost Google Authenticator?

I've had this issue for around a year. I lost my google authenticator, I don't know how, and I haven't been able to get into my account since then. I have none of the information that Binance asks for when I try to get back into my account, and I'm sitting on $3,000 worth of BTC in there. How can I get back in to my account? I have tried emailing them but they don't help for shit.
submitted by ilovemycuddlebunny to BinanceExchange [link] [comments]

Protonmail Disabled My Binance Cryptocurrency Exchange Email Account | €500 Worth of Bitcoin Lost

On 10th November I have created a new account on the Binance cryptocurrency exchange. Binance accounts need to be associated with an email account and I created a free ProtonMail account for this purpose.
The reason for choosing ProtonMail over say Gmail or Yahoo is due to the fact that Protonmail is more secure. Basically, I thought that my Binance account would be safer if it was associated with a ProtonMail email account as was any Bitcoin or any other cryptocurrency deposited in the same Binance account.
My internet connection does not use a fixed IP address and in order to login into this new Binance account, I need to open my new ProtonMail email account, open an email that is sent from Binance and click on a confirmation link in the email to confirm that the IP address indicated in the email is mine. Without clicking the confirmation link, I cannot access the Binance account.
Email confirmation is also required for withdrawing funds from Binance, as is probably the case with any other major cryptocurrency exchange. In other words, if one loses access to the email account that is associated with a cryptocurrency exchange account, that person can no longer withdraw any cryptocurrencies from the account. This practically means that both the account and any Bitcoin and/or other cryptocurrencies in the account will become useless.
Anyway, to continue with my story, on 18th November I tried to log in into my new Binance account. I entered my email/username and password, inputted the 2FA code from Google Authenticator and I got the usual pop-up message from Binance stating that I need to confirm my IP address by clicking the confirmation link in an email sent from Binance.
So I opened the ProtonMail site and I entered my email address, password and 2FA code. To my surprise, I was unable to log in successfully as I got a message stating that my ProtonMail account has been disabled for abuse or fraud.
I immediately sent an email to [[email protected]](mailto:[email protected]) as indicated in the message and asked for my account to be unblocked. The next day, I received the following reply from ProtonMail:
“The account was automatically disabled by our anti-spam system due to a suspicious activity. The account will not be enabled.”
I wrote to ProtonMail again and explained to support that I did not use the email account for any illicit purposes. I also explained to the ProtonMail staff that I need to access the email account because it is tied to a Binance account. However, the next day ProtonMail's support replied in the following manner:
“Your account cannot be enabled since we believe that it is for abuse.”
I send another email to the ProtonMail abuse team and explained to them that without access to the ProtonMail account I will lose access to the Bitcoin and other cryptocurrencies worth €500 that are stored in the Binance account that is associated to the disabled email account. I also asked the ProtonMail staff if they could escalate the ticket to management or if they will be willing to help me if I become a paid ProtonMail customer.
I received no reply to my email so the next day I sent another email to the abuse team and pleaded for help. I told ProtonMail’s support that I do not even need to send emails from the deactivated account. I explained to support that the only reason why I need to access the email account is to be able to read emails from Binance and click on any confirmation links.
ProtonMail’s next reply was the following:
“Our team has examined your account once again and it will not be enabled. You will not be able to access your messages anymore or reuse the account.”
I really cannot understand why ProtonMail’s staff have treated me in this manner. My disabled account was just a few days old when it was deactivated. I only had a few, maybe six or seven emails, in the inbox folder with three emails coming from ProtonMail and the rest coming from Binance.
The thing is that, as far as I know, I did not even send a single email before the account was disabled. How did ProtonMail 's staff come to the conclusion that I wanted to use the email account for abuse? I am not stupid so if I wanted to use an email account to spam somebody, I surely would not use an email account that is tied to a cryptocurrency exchange account!
Not knowing what to do, I did a Google search to see if other people have been burnt by ProtonMail’s support after getting their accounts disabled. Not surprisingly, it seems that there are many other ProtonMail users who had their accounts disabled because of some “faulty” anti-spam filter. Apparently many users got their accounts suspended because they were using a VPN service while using their ProtonMail account. I too have a subscription to a VPN service and I would not exclude that ProtonMail’s spam filter flagged my account as suspicious due to the fact I was using the VPN service at the time.
While I can understand that no anti-spam filter is perfect, the real problem is that ProtonMail does not seem to care about its existing customers and potential future customers. I doubt that ProtonMail’s staff have done any effort to examine my mailbox and those of other disabled accounts.
Anyway, it is unfortunate that I had to learn the hard way the mistake I made in thinking that I would be better off in using ProtonMail to secure my Binance exchange account instead of Google, Yahoo or some other email service provider. While ProtonMail might be more secure, I am not aware that Google and Yahoo deactivate accounts for accessing the email accounts over a VPN network or for no other valid reason. What is the use of using a more secure email service if there is a high risk of getting email accounts disabled without doing anything wrong?
Although I will probably never get hold of my €500 worth of Bitcoin again, I hope that at least anyone thinking of using ProtonMail for cryptocurrency exchange accounts, work related accounts, bank related correspondence or even for personal use will find my story useful and will consider all pros and cons before taking a decision.
The fact that my ProtonMail account was disabled is kind of having my €500 worth of Bitcoin being held hostage by ProtonMail. ProtonMail does not have access to the cryptocurrencies in my Binance account but neither do I at this point. It is like I had two different keys to unlock the repository where the cryptocurrencies are stored and ProtonMail confiscated one of the keys. There is no need to say that I have worked hard for those €500, but what if I had €5,000 or even €50,000 worth of cryptocurrencies in that Binance account? How many cryptocurrencies and cryptocurrency exchange accounts will be lost forever because of ProtonMail’s actions?
ProtonMail’s “faulty” anti-spam filter is probably doing the company more harm than good. However, it is only ProtonMail’s fault for not doing anything about the issue, playing the bullies game, pretending to examine disabled accounts while providing no real evidence of abuse and being insensitive to the fact that disabled accounts can lead to loss of money, loss of business or loss of personal data.

UPDATE on 26th November: After providing proof that I am not a spammer, ProtonMail's abuse team contacted me this morning to inform me that my account has been enabled. I can confirm that the email account is working fine again.
Thank you ProtonMail for your understanding.
submitted by jxuer to ProtonMail [link] [comments]

2FA Authentication

This post isn't directly related to KIN, however, it is for me as you will see below.
What Method of 2FA is best, and what do you all use for the likes of CB , Binance, etc.?
My phone which had Google Authenticator on it just died on me the other week without any signs of issue - It will not come back on again, and now I am locked out of my exchanges, which means I cannot buy Eth to complete the Migration... I can't move my KIN off Bancor!
Given that phones usually have a short life these days (between 1 & 2 years), not to mention if the device is lost or stolen, and it made me think, there must be a better way of using 2FA? I know you can get it for Google Chrome, but what if the same thing happens to the Computer?
I tried to use my CB Special key to get Authenticator working on my new phone but logon keeps failing. Forget about even trying to get Support to help with it... My only solution now is to fix the phone so that I can gain access to my accounts again. Repair will cost more than the phone is worth, so I am going to do it myself.
Just want to try and future proof my investment from here on...
Thanks for any advice.
submitted by skintt125 to KinFoundation [link] [comments]

How To Reset Password Of Binance Account  Binance ... How To Disable 2 Factor Authentication in Binance How To Disable Your 2FA/Google Authenricator On Binance How To Remove 2FA Any Exchange How To Reset Koinex 2FA Google Authenticator  Reset Binance 2FA Google Authenricator  Crytpto News How To Reset Binance 2FA Google Authenticator  Binance ...

Lost Google Authenticator Code. Hello, I have been trying to get ahold of someone from Binance to access my account. I have put in multiple support tickets and have also been trying to verify/bypass with past transactions and BTC amount. ... I'm pretty sure there's a way to recover your Google authenticator setup (if you didn't delete binance ... The Google Authenticator is an app that utilizes two-factor authentication (2FA) services with the help of two algorithms. The first one is the Time-based One-time Password Algorithm (TOTP) and the other is the HMAC-based One-time Password Algorithm (HOTP). If you’ve lost access to your Google Authenticator app or it has stopped working, you can reset your Google Authentication by following the steps below: Navigate to Binance login page and log in with your Binance account email address and password. In the[Security verification] page, click [Lost access to verification]to go to the next step. Below is a guide to help you enable Google Authenticator to improve your Binance account security. Step 1: Install Google Authenticator. Download and install the Google Authenticator in App Store (for iOS) or Google Play (for Android). After installation, click 【Next】to proceed further. Step 2: Scan QR Code with your Google Authenticator app If they're not synchronized them and go back to Binance's website and re-enter your login, your password and the 16-digit code you received earlier. How to reset Google Authenticator. Click "Lost Your Google Authenticator?" on Binance's website. If you have your backup key you can use it for a quick fix.

[index] [485] [123] [631] [649] [455] [204] [635] [167] [138] [125]

How To Reset Password Of Binance Account Binance ...

How To Reset Binance 2FA Google Authenticator. If you’ve lost access to your Google Authenticator app or it has stopped working, you can reset your Google Au... Hlw Traders Welcome To Our Channel,Are You Wait For A New Desition How To Make Money In Bitcoin And How To Trade Pls Watch Our Videos And Lern Somthing For Your Next Trading. *Details Of Coin Open ... Lost my 2 factor authenticator, follow-up video! ... (binance) on Google authenticator after loosing device or ... 3:38. Puri Perfection 97,805 views. 3:38. Google Authenticator How to Backup ... How to Backup Google Authenticator Codes Tutorial 2020 - Duration: ... (binance) on Google authenticator after loosing device or app ... I May Have Lost $30,000 Because I Uninstalled An App ... If you plan to sell your old mobile device you MUST watch this video first. You will need to disable your Google Authentication from within your Binance account to prevent getting locked out of ...

#