My phone with 2FA codes has died… again… for the 3rd time in something over 2 years (average Poco X3 Pro experience).

I’ve used the Cisco Duo app, mainly for the convenience of automatic backups. After all, this has saved me the last time my main phone died. Connect GDrive, download DB, enter passphrase to decrypt, there you go.

I’ve turned on my still barely functioning 2017 Moto G5s Plus. There I had the Duo app. Upon opening it says something along the lines of “Device offline, showing on-device accounts only.”
How does that read to you? Auto-sync, I thought.
I connected to the internet, refreshed the app, nothing. I go to settings, check the backup… horror!
“Last backup: October 6th 12:06”
I opened the app at 12:06.

Why would you update the backup if it has more recent timestamp than current version?
“Hmm… this phone last backed up in 2023, most recent backup on cloud is 2024, yep, OVERWRITE IT WITH 2023 VERSION!!”

Hmm… this also means I’ve lost access to my Cisco NetAcad school account…

Welp, lesson learned, switching to Aegis.

Since disabling TOTP requires TOTP token, I have no way to disable it. I hope the instance admin can, but SDF has far more important shit to care about.


I am thinking on getting something crazy like Ulefone Armor 24 brick. Though it lacks things like 5G, stereo speakers, and 4K video recording, but I can afford it and have it shipped tomorrow morning.

  • Julian
    link
    fedilink
    English
    222 months ago

    Pro tip: if you have nextcloud you can set aegis to backup to a folder synced to the cloud, giving you automatic cloud backups. It can keep multiple copies too to prevent a situation like that happening.

    But yeah, sorry that happened, hope you find another way to access those accounts.

    • @infinull@lemmy.dbzer0.com
      link
      fedilink
      English
      22 months ago

      I do this, but with keepass (keepass on all devices and then sync with nextcloud). Saved my butt a few times, I can go into the file history and pull an old version of the keepass db out of it, and then keepass has a merge feature, so I can pull the old file out, and merge with current to find missing records.

      Anyway… backups good.

  • @folekaule@lemmy.world
    link
    fedilink
    162 months ago

    This is why more sites need to support multiple 2FA devices. Most of them support a fallback like SMS, but they restrict you to one key. I can’t think of any reason to restrict this other than trying to “keep it simple” for users, which is just silly.

    • u/lukmly013 💾 (lemmy.sdf.org)OP
      link
      English
      142 months ago

      Or implement backup codes. I have backup codes for sites like Google. They are some longer single-use codes that can be used to login and reset 2FA. A lot of sites have that.

      But yeah, I never thought of multiple keys. I could simply enroll and un-enroll each device. Safer and more convenient.

      • @folekaule@lemmy.world
        link
        fedilink
        12 months ago

        I think everywhere I use 2FA they also have downloadable backup codes, but you have to store those securely somewhere also.

    • zea
      link
      fedilink
      12 months ago

      I yearn for a day user agents can not suck. Backups and syncing should not be this hard!

  • Anas
    link
    fedilink
    12
    edit-2
    2 months ago

    Sorry about that, but thank you for this post, I had no idea Lemmy finally implemented 2FA.

    EDIT: On second thought, there actually is no way to generate a recovery code, so I think I’ll wait a little longer.

      • Anas
        link
        fedilink
        22 months ago

        That’s actually not a bad idea, thank you!

    • u/lukmly013 💾 (lemmy.sdf.org)OP
      link
      English
      2
      edit-2
      2 months ago

      OK, I recovered it. It seems Lemmy (at least 0.19.3) has no rate limiting for trying 2FA codes.

      Edit: Fixed typo (seem -> seems)

      • Anas
        link
        fedilink
        32 months ago

        Oh, this doesn’t sound very secure

  • AItoothbrush
    link
    fedilink
    English
    62 months ago

    Ahh i had this with a hungry shark world account. I was huge on the game, grinded insane from the start of the game so i had a ton of shit that was only available in older versions and when i moved to a new phone and wanted to restore the backup it overwrote it losing me years of data. Snorted copium for a few weeks but gave up after. Never played it since then.

  • Scroll Responsibly
    link
    4
    edit-2
    2 months ago

    @user224@lemmy.sdf.org Try either emailing the sdf membership email address or sshing onto one of their hosts and posting on BBOARD.

    Edit: …if you haven’t already

    • u/lukmly013 💾 (lemmy.sdf.org)OP
      link
      English
      42 months ago

      Already did, but thanks.

      I remembered them resetting 2FA (per-request) when Lemmy used I think SHA256 instead of SHA1 and a lot of people got locked out.

  • nifty
    link
    fedilink
    32 months ago

    Well, there’s no karma so if you’ve saved threads or comments, I’d quickly archive those somewhere. Then just link to this account in your new account bio

  • @OfficerBribe@lemm.ee
    link
    fedilink
    32 months ago

    Pretty wild if there is only a single backup. Could not get an answer from Duo documentation, but I see it uses Google Drive for backup. Maybe you can get previous version from Gdrive?

    Aegis is great btw if you need an app for standard TOTP. Using it for quite some time and very pleased with it. It creates new backup of your tokens whenever you add a new one.