How to regenerate two factor authentication key


#1

Have migrated all my mobile apps from my old mobile phone to a new one. Unfortunately the keys for the Google Authenticator app did not get copied and so I now cannot log in to the Particle console because I use two-factor authentication…

Question - how do I retrieve the old key or generate a new one?


#2

Just open a support ticket and we’ll get you squared away (support.particle.io).


#3

This comes up quite often – so I thought I’d make things clear about Google Authenticator (and Authy, which is what I prefer).

When you first turn on 2FA on your account, you are presented with ten one-time recovery passcodes. What we need to emphasize more in the 2FA enablement process is that if you don’t save those somewhere safe (not on your phone for crying out loud!), and you’re using Google Authenticator, when you lose your mobile device or drop it in the toilet, you are locked out of your account and we will then have to intervene to restore account access, which takes time because we have to authenticate that you’re actually the owner of the account.

I prefer to use Authy, because they store authentication keys (or perhaps, a hash of them?) in their cloud. Someone’s going to say “oooh that’s a terrible idea!” but in my opinion, this is a second factor of authentication and it’s very unlikely that you’re going to get compromised on both your account password and your 2FA mechanism, and anyway it’s still vastly more secure than a one-factor authentication approach.

Takeaway: Your choices: (1) Store your ten one-time recovery passcodes in a safe place (you could consider – gasp – printing them out (I know that’s very 20th century :crazy_face:) or more easily, just email them to yourself); (2) Don’t use Google Authenticator or other non-cloud-based authenticators; (3) Don’t use 2FA at all, or (4) be One of Those People that has to have Particle help regain access to the account because (1) – (3) were not followed :grimacing:.


#4

@ParticleD,

Thanks for the advice and disabling 2FA on my behalf.

My takeaway here is:

  • most definitely print/save the recovery passcodes; otherwise, if you lose your hardware authenticator, you will be in a problematic situation that requires Particle support intervention
  • if you have not saved your passcodes, you should do so by logging in to your account, clicking on your account login link at the top right-hand corner of the screen and then clicking on “Edit Account”
  • Click on the “store your recovery codes” link

If you lose/break your authenticator hardware (e.g. your mobile phone), then use one of your unused recovery passcodes to log in. Next, disable 2FA from the “Edit Account” section, then re-enable it to be issued with a new key and new set of recovery passcodes.

Case closed.