Two-Factor authentication might seem like a good idea on the face of it – who doesn’t like extra security?
In practice, however, it actually reduces security and adds hassle.
When signing up for secured online services, most users, me included, were not properly warned about the potential pitfalls of using 2FA and the scenarios in which this “security feature” might actually lock you out forever from whatever you’re trying to secure – be it a Google or Microsoft account, or even a Bitcoin wallet with several BTC in it.
The issue with 2FA is simply the fact that computers fail, and mobile devices are the most failure-prone of all computers.
And it’s not just the high probability of a phone “bricking” itself or being “bricked” by your own mistake – it’s the even higher risk of losing the device.
When you lose a phone with a 2FA app like Google Authenticator (GA), you are out of options – there is no way of migrating your existing GA account to your new phone, and you are at the mercy of customer support for whatever 2FA-enabled service you used to use.
There is no guarantee that customer service will help you with resetting 2FA, even if they provide a specific form for such inquiries.
If you’re lucky and do get your 2FA reset, it will certainly be days if not weeks after your request. That’s because removing or resetting 2FA is a manual action that requires human interaction and should not be completely automated; otherwise it would defeat the purpose of 2FA in the first place, and any hacker could just fill out the 2FA reset form and be done with it.
If you do use Two-Factor authentication, and Google Authenticator in particular, you are at the mercy of phone hardware and your own ability not to lose your phone. Manually backing up the GA database is feasible, but only in theory – in practice it is far too much extra work.
Automatic cloud-based backups would work, but would also be against the whole philosophy of 2FA and a massive security liability for Google.
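To make the backup point concrete, here is an added example (not code from the original post) of what a TOTP app such as GA actually holds: the base32 seed from the enrolment otpauth:// URI. The URI below is constructed, using the RFC 6238 test key rather than any real account; the `verify` helper is a hypothetical server-side check, included to show the clock-drift window a service normally allows.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample: the kind of otpauth:// URI a service shows as a QR code
# when enrolling Google Authenticator. The secret is the RFC 6238 test key
# ("12345678901234567890" in base32), not a real account's seed.
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30")

def parse_otpauth(uri: str) -> dict:
    """Pull the seed and parameters out of an otpauth:// URI; this is all
    that needs to be backed up to re-enrol another device."""
    parts = urlparse(uri)
    q = parse_qs(parts.query)
    return {
        "label": parts.path.lstrip("/"),
        "secret": q["secret"][0],
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }

def totp(secret_b32: str, at: Optional[int] = None, digits: int = 6,
         period: int = 30, algo: str = "sha1") -> str:
    """RFC 6238 TOTP: HMAC over the big-endian time-step counter, then
    dynamic truncation (RFC 4226) to `digits` decimal digits."""
    pad = "=" * (-len(secret_b32) % 8)          # base32 seeds are often unpadded
    key = base64.b32decode(secret_b32.upper() + pad)
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_b32: str, code: str, at: int, window: int = 1, **kw) -> bool:
    """Hypothetical server-side check allowing +/- `window` steps of clock
    drift; constant-time comparison so the check does not leak via timing."""
    period = kw.get("period", 30)
    return any(hmac.compare_digest(totp(secret_b32, at + i * period, **kw), code)
               for i in range(-window, window + 1))
```

Any two devices holding the same seed produce the same code for the same time step, which is why preserving the seed (and nothing else) restores access after a lost phone.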
My strong recommendation is to never use 2FA but use multiple lengthy and unique passwords stored in a safe, encrypted password manager, such as KeePass.
And most importantly – pay attention to what programs from what vendors you install, and you will never “need” Two-Factor Authentication.