I’ve been a fan and use two-factor authentication (2FA) whenever possible. If you’re new to the concept, it’s a feature that, when you log in with a new computer or a new browser or something, you enter your login and password and then the service wants a second way to prove that you are who you say you are.
For me, I’ve always opted for the service to send me a text message containing a code which I then put into the browser and the service is then happy to let me in. Another technique that is handy is the Google and/or Microsoft Authenticator app. There probably are others.
I like the sense of privacy and security that it brings to my account.
Over the Christmas weekend, I got a little nervy and tried a Beta feature on one of the browsers on my phone. It seemed to be kind of neat and appeared to work well and do what it says it does. I also have my phone reboot itself first thing in the morning just to keep it fresh and as fast as it can be.
Only, this time when it rebooted, the phone went into an endless cycle of rebooting itself. It would only get so far in the booting process and then give up and reboot. Uh oh.
I grabbed my computer and sure enough, I wasn’t the only person who had ever had this problem so I followed the steps and managed to get it to boot into Safe Mode. That seemed like a good thing. After poking around, the phone suggested that I should reboot to get back to normal and the rebooting restarted. Another launch into Safe Mode and out returned me to the rebooting so I went back to the article and the suggestion was to restore the phone back to factory settings.
All in all, it’s not a bad idea. I don’t know about you but I tend to accumulate stuff on my devices and periodically go on a cleaning binge. This seems to do it all in one shot. And, it did. I couldn’t believe how quickly the restored device booted and was waiting to do stuff for me.
As I logged in, I knew that I was in trouble.
The first block came with Google. It wanted me to verify it with 2FA. If you own an Android phone, you know how it’s kind of important to be able to get to your Google account. I suspect it’s the same way with an Apple device. I’ve been trained for this moment. I just get a text message and then … Wait!
The text message would go to the phone which I was restoring. You’ve got to be able to log in to get it. I did have another old phone handy that I could maybe switch the phone card into but I was in enough trouble to begin with and didn’t want to make it worse.
Fortunately, Google anticipated actions like what I had done and there were “other” ways to prove that it was you. That’s good; the bad part was that a lot of them required a working phone. There was one option to use the Authenticator app. A quick download and I had it on the old phone and it started generating numbers, none of which would work on my mid-boot phone.
Now, I was starting to get a little worried and did some mental math and figured that I might be in line for a phone upgrade anyway. There was one more intriguing option.
It’s available in many sites that use 2FA and that was to use one of the backup codes that I got when I registered. Pfffft. Like I kept those. On a whim, I went to my PC and did some searching to find out how to find these codes. It was actually pretty quick, easy, and straight forward. It’s all described here.
It worked well for Google and then my next step was to reload the applications that I’d lost and reauthenticate. The process was actually fairly quick and simple, if not tedious.
My big takeaway here was to RTFM and not just enough of the manual to get through the first step! I definitely had used the 2FA for browsers but it never dawned on me that I’d end up going the other way on this.
doug -- off the record 
Please share your thoughts here. I’d enjoy reading them.