Your Android Phone Uses Two Factor Authentication, But You've Lost It. Now What?

Most people with online accounts have been asked to enable two-factor authentication (2FA) before. It’s one of the most accessible online security measures you can take, and we at TechBldrs recommend it highly. Companies like Google, Facebook, and Microsoft encourage users to add a device- like a mobile phone- to which they can send a login code when an attempted account login is registered.

If you’re the owner of the account, great: you input that code when prompted and gain access. If the person trying to access your account isn’t you, then that added layer of security just saved you a major headache.

But what happens if the person trying to access your account is you, you’ve just lost or broken your phone?

In this article, we’ll review what to do if you’ve lost a device (like an Android phone or tablet) with access to a Google account. It’s important to note that for the following steps to work you must know your Google Account information before you lose your phone. (So if you don’t, go do that now- we’ll wait.)

If you have an iPhone or iPad, never fear: we’ll cover the Apple iCloud and Apple accounts next month.

Use a backup phone

If you use a backup phone (like your spouse’s phone or a work or personal phone), you can send a secondary two-factor authentication code to that number, allowing you access to your account. Here’s how to set a backup phone for your account.

1. Sign into your Google Account page
2. On the left navigation panel, click "Security"
3. Go to “Signing in to Google”
4. Select the “2-Step Verification” option
5. Below your primary number, there will be an option for backup phone number
6. Click “Add a phone number”
7. Fill in the backup number, choose how you would like to receive the verification code, then hit “Send code”
8. Click Save

Once this process is completed, it can be repeated to add as many numbers as needed.

Use a pre-generated backup code

You can also generate a list of backup codes you can store in a safe place in case you need them, making it possible to log into your Google Account without your two-factor authentication device. We highly recommend generating a list of these codes and keeping them on you when you travel- it’s better to be safe than sorry!

To create and view a set of backup codes:

1. Go to your Google Account page
2. On the left navigation panel, click “Security”
3. Under “Signing into Google,” click “2-Step Verification”
4. Under “Backup Codes,” click “Setup” if you wish to set up backup codes for the first time, or “Show Codes” if you have generated backup codes before

If you need to use one of your backup codes, follow the steps below to sign in.

Signing in with a backup code:

1. Locate where you stored your backup codes
2. Sign into your Google Account page
3. When prompted for your verification code, click “More Options”
4. Select “Enter one of your 8-digit backup codes”
5. Enter your backup code

Keep in mind that each code can only be used once, so we recommend marking each code off as you use them. This way, you’ll also be able to see when it’s time to generate new codes.

Removing devices & programs from your “Trusted” list

Google keeps tabs on which devices and programs you use often and adds them to a “Trusted” list. (Ever click a prompt that comes up without reading it? You may have added a device or web browser, like Chrome, to your Trusted list without even knowing.) This means 2FA may be disabled on those devices and programs, which is dangerous if one of those devices is a device that was just lost or stolen. Revoking access is the only way to prevent those devices from having access to your account.

In case of emergency, here’s how to purge that Trusted list.

1. Go to your Google Account page
2. On the left navigation panel, click “Security”
3. Under “Security,” go to “Signing in to Google”
4. Choose “2-Step Verification”
5. Under “Devices you trust,” select “Revoke all”

In the future, you can re-add devices and programs to the Trusted list, so never fear, the purge isn’t necessarily forever.

Turning off Two-Factor Authentication

Your account is more secure when you need a verification code to sign in. But, if you need to temporarily disable two-factor authentication (like if you lose your phone, but still need password access to your account on a computer), follow these steps. This is useful, but should only be used as a last resort.

1. Go to your Google Account page
2. On the left navigation panel, click "Security"
3. Choose “2-Step Verification”
4. Select “Turn off”

You now will only be prompted for a password when you login to your account. We recommend turning two-factor authentication back on as soon as possible.

This is only a brief overview- if you do lose or break your phone and need further, detailed help, we recommend searching Google Account Help.

We store our entire lives on our mobile phones- pictures, emails, important account information, financial data, etc.- make sure you’re familiar with the steps we’ve outlined above. Remember, the only way to ensure your cyber life is protected is through careful preparation and preventative measures like two-factor authentication!

Still have questions? Want to know what else you can do to protect your personal information online? Call us at (610) 937-0900 for advice or for a free cybersecurity assessment for your business!