It's finally happening! The tech giants are banding together to get rid of passwords for good. Doing this will require extensive use of 2-factor authentication, especially from your phone. But what happens when you lose your phone? How do you recover accounts after losing your phone?
Let's get into it.
The Future of Login
If you didn’t know already, Apple, Google and Microsoft have recently joined forces to get rid of the use of passwords.
These tech leaders are pushing for a world where password-less logins are available across all platforms on all devices. The goal is to drastically reduce the amount of data breaches and account hacks happening every day.
Apple, Google and Microsoft announce that they are all committed to creating a new industry standard for password-less logins. This idea of a no-password sign-in will use one device, be it a smartphone, as the main authenticator for apps, websites and other digital services.
To be able to login to your accounts, you'll simply unlock your smartphone with its designated PIN, pattern or fingerprint. The authenticators then utilizes a passkey that is shared between phone and website.
Now your phone has the ability to get you into any account you have regardless of platform.
So... what happens to your accounts if you lose your phone?
We are all using 2-factor authentication to get into at least some accounts. Banking, Social Media and even work accounts now require some sort of 2-step authentication.
So, when you lose your phone, it's hard not to think worse-case scenario. The idea of getting rid of passwords means these phones are even more crucial than ever.
Let's go over some things you can do if you've lost your phone and need to get into related accounts.
Getting into Accounts After you've Lost your Phone
1. Contact Your Wireless Provider
Many online businesses and services rely on codes sent to you through text message or phone call to verify your identity. Especially financial institutions. So gaining back your phone number is crucial.
If you misplace your phone and are at the point where you know you won't be getting it back soon, the first thing you should do is call your wireless carrier.
Calling customer support is a good start, but if you can, we recommend going to your carrier directly for quicker assistance. Once you've found someone who can assist you, work with them to determine the best strategy to reclaim your phone number.
This can happen in a number of ways:
If you have insurance, they can move your service to an older phone until you can find a more permanent replacement.
Alternatively, they could activate a new SIM card for you. The little chip that holds your phone number, so you can use it in a different device.
If you're quick enough, this should prevent whoever has your phone from receiving incoming calls and texts intended to verify log-in attempts. Plus you'll be able to log into your accounts again.
2. If Available: Use Backup Codes
There are several services where they allow you create a "backup" code in the instance you lose access to your phone. Consider this option as a powerful last resort. They are usually meant to get beyond other security measures and provide you immediate access to your accounts and information.
These are not, however, passwords. The services that provide these codes normally provide you with several at once, usually about 10, and each code can only be used once to unlock your account. In other words, do everything you can to keep these codes safe.
The disadvantage? Backup codes are pretty rare in general. Once you've set up two-factor authentication, companies like Google and Twitter let you create them, and the government will let you do the same if you ever need to use Login.gov.
Unfortunately, single-use backup codes appear to be less common among banks, which is one of the first concerns consumers have when their accounts are threatened.
3. Remotely Lock Your Device
Services will occasionally attempt to authenticate your identity by delivering a code through email to an address on file. That can be useful if your phone is misplaced, because you'll probably be able to view an email on a Web browser.
However, if your phone is stolen while it is still unlocked, those emails may be available to the perpetrator as well. If the missing device is a smartphone, there's a simple solution to keep those prying eyes away.
When you notice it's gone, lock it down.
Anyone who gets their hands on your phone will have to enter the PIN code or password you've previously specified before they can access any of your data. Here's how you do it.
For Android Users:
- Sign into your Google account at Android.com/find.
- Select the phone that is missing
- Then, to lock the phone and sign out of your Google account, go to "Secure Device."
- You'll also have the option to leave a message and phone number for anyone who finds it.
For iPhone Users:
- Sign in to your Apple account at iCloud.com.
- Type the verification code onto another Apple device if you have one. If not, go to the bottom of the screen and click "Find iPhone."
- Select the phone you wish to lock down under "All Devices."
- Click "Lost Mode"
Once you are able to get these specific settings for your smartphone, you'll also have access to the nuclear option. To remotely erase your phone entirely. This will ensure there are no juicy information or saved passwords are left for anyone to see.
For the Android users, you'll follow those same instructions and click "Erase Device" instead of "Secure Device."
For the iPhone folks, you'll follow those same steps and click "Erase iPhone" instead of "Lost Mode."
Regardless of the phone you use, you'll need to confirm your choice before the total wipe begins. People have differing opinions on this option: some want to wipe their phones as soon as it goes missing, while others view it as a last resort.
Our advice: If you're certain your phone is a goner, you should seriously consider wiping it.
4. Before You Lose Your Phone: Set up 2-Factor Authentication on Two Devices
If you ever lose your primary phone, having a separate device with your 2FA is a wonderful backup.
Keeper and Google Authenticator are just two of the many authentication tools available to aid you with 2FA.
The latter allows you to prove your identity by scanning a unique QR code. Take a photo of the QR code with a second device or, better yet, print it and save it in a safe place to use in an emergency.
Hopefully these tips will help you in the event you lose the phone you rely on for 2-factor authentication.
With the future seemingly password-less, it's important we take the necessary steps to protect out devices before anything bad happens to them.
If you are watching this because your phone is gone, I hope these steps help get you back your accounts.
If you are in need of some 2-Factor Authentication advice or setup, feel free to book a time to chat with us via the Calendly link below. I'd be happy to discuss ways to optimize your company's IT
Click here to schedule a free 15-minute meeting with Stan Kats, our Founder and Chief Technologist.
STG IT Consulting Group proudly provides IT Service for Small to Medium Businesses in Greater Los Angeles. We'd love to see if we can help you too!