Authy Dual (or more) Account Verification 2FA


#1

One of the problems in crypto, has been the growing use of Authy 2FA to secure client accounts from third party access. As many of us have seen, having Paybase, Zencloud, Coinbase, and many other accounts requiring Authy, has presented issues relating to separating accounts from the Authy dependency of one smartphone and one number (e.g. the App). If one is selling a cloudmining account, such as was the case with Zencloud, there has been no easy method to do so without changing access to other accounts with the same smartphone number, such as Coinbase or Paybase.

As is the case with Coinbase, the only resolution for users has been to close the Coinbase account, opening a new account in its place. This is even more problematic considering that, if you have a fully verified account at Coinbase, starting a new one requires 30 days to complete the new verification process. Coinbase will not change the smartphone number on your account.

Some websites allow you to disable your Auth 2FA, while others will not (Paybase allows you to disable Authy 2FA). Moreover, some websites allow you to change your number registered for Authy, while others do not. How can you better organize your various Authy 2FA accounts without having to perform painful changes, each time you sell a cloudmining account?

What if there was a way to have Authy enabled on multiple accounts without having to have multiple smartphones (or a dual sim smartphone)? Would this be advantageous to anyone?

Well, I finally have found a way, and you can use a different number for each account requiring Authy, while having all of the accounts pointing to the same, single number smartphone.

Has anyone figured out another workaround to this dilemma that still only required one smartphone and phone number?

Before I write the solution, I want to hear how others have done it thus far.

(the plot thickens) :stuck_out_tongue_winking_eye:


#2

If the solution is Google voice I strongly recommend that you not use it. It puts an extra layer of vulnerability in there.

The best and only solution is to pressure providers to have a way to change the 2FA. Disable, Change number or whatever makes it possible to release one account from authy and transfer it to another one.


#3

Nope! Totally secure and no phone calls. :slight_smile:

Edit: Actually, the providers do not have to change anything. They can even make it more stringent, and not affect the users with this one simple solution. I sound like that guy selling towels on TV now. :slight_smile:


#4

You’re not going to tell are you? Keeping us in suspense…


#5

I thought about this for a while, as I sold my ZenCloud account. As I was already in deep with Authy, I couldn’t prepare better in advance. I had to swap my Authy account with the buyer. Coinbase was the only one I had to lose. The others I could put it back on sms then back to Authy once I reloaded it.

I heard about the Google voice thing, but I don’t really trust that. Seems that the number could be hacked much easier than a cellular line.

I do know you can get a browser based Authy app, but haven’t explored that yet.

Would love to hear your solution and also to see what other people have come up with. @taylan would be good to consult about this. I can only imagine the amount of Authy interaction he has had the past few months.

Edit: lost Paybase as well, but that wasn’t a big loss. Coinbase I was verified and for a while at that. My instant purchase limit was very nice…slowly building it back up now, but have been using circle as well.


#6

I have the solution, I will tell and it turned out to be so unbelievably simple. I won’t say free though, but close enough. I am also having a conference call on this tomorrow with a company co-founder. I think they are American…


#7

It is available for Chrome, yes, but that is not as easy either. On your smartphone, you cannot use add-ons to Chrome, or are limited to only certain ones.


#8

Ok now that is even worse than google voice. The idea about 2FA is separation of authentication method and the actual authentication on the computer.


#9

It is hard to tote your computer around with you when you are running errands. :smiley: My solution is simple and is direct. It also already exists. The company’s technology/service operates in a totally different world than crypto. They had no idea what crypto was. I just married two separate worlds together today, although it took most of the past week to get it accomplished, technically speaking.

Working with Authy was tough, and I mean TOUGH, over email. :smirk:


#10

well its good that at least paybase has the option to remove 2fac now, maybe you can talk to the buyer and get that sorted


#11

Nah, it was much more valuable and important to me to get rid of that ZenCloud account. You actually made it easier for me. I thought you had to email them and wait the 72 hours for the switch. By that time, the account could have lost much value.

I emailed Coinbase and they wouldn’t change my number. They were just as much a pain in the ass as Paybase was.

If you request a change from the phone, isn’t that enough proof of ownership to initiate a change? I thought so, not sure why they fuss so much about it.


#12

Looking forward to seeing the solution.

I’m really into mobile applications. (Not programming of them, that’s out of my bag of tricks.) I like to use and explore them as the mobile world is very exciting to me. The technology is extremely powerful and some of the most innovative going these days.


#13

I will now have a permanent fix for this problem going forward into the future. When I think of how I ran across this, it boggles the mind. I wish I would have figured this out months ago. I am happy yet also angry.


#14

It is a mobile solution absolutely. Saves you ever having to change your number. It is the perfect cost-effective way of managing all the various accounts miners and traders have.

Edit: Meaning those that require 2FA or even Google Authenticator. Moreover, it is a great solution for those websites that only use your registered phone number for SMS push authentication. It is the perfect solution.


#15

And I can confirm that the authy app on chrome/desktop doesnt seem to work, in my experience, with this process.


#16

I’m glad I could help out :slight_smile:


#17

See, we have GHcloud, we don’t need Authy :slight_smile:


#18

But if you ever expand the business to the point where Authy or Google Authenticator is necessary, I have a solution for that! :slight_smile:

Conference call is tomorrow. I will post the result here to answer the question. :wink:


#19

That’s the point it is not necessary since you don’t log-on to GHcloud and your data resides in your browser. Why would you Authy to view the data that is stored on your end already? Your GHcloud account can’t be compromised*, it only exists on your end.

(*from the GH server side)


#20

Well, you never know what you guys come up with next. :wink:

Any idea how many people there are in the crypto world per chance?