We often get wrapped up in the moment of getting a new phone and forget about 2FA codes and managing our Identity…
We all need these 2FA codes to log in and run our lives, so it’s important to give this some thought and plan ahead.
Your mobile is an integral part of your security solutions. It runs your Authenticator Apps, such as the Microsoft Authenticator and Google Authenticator, and gives you mobile email and access to your Teams, SharePoint, OneDrive and very often your online banking, just to name a few.
Follow these steps to avoid login & identity issues.
Keep your old device available until you have all your Authenticators set up and working for all your accounts.
It’s your responsibility to make sure these all work before retiring your old device and you should ensure all the important apps work and that you can get into all your important accounts.
This means don’t trade in the old phone on a new one in store, as they usually wipe the trade-in device before giving you the new device. If you want to trade in the old phone, you can usually do the same deal via post, and you will normally have around 2 weeks grace to get the old one back to the supplier.
Some of your Apps will require you to sign in and verify your identity in order to add a new mobile device, and this will often require you to be able to do 2FA. Getting to that part normally means having your old 2FA codes working. We have seen some cases where you can recover backup codes or one-time passwords to an email, but that will not help if that email has changed or you no longer have access to your backup email (perhaps it was an ISP-based email like a Bigpond email and you cancelled it because you changed ISP…). There are many things to check…
We recommend you keep your old phone until you verify everything that matters.
A Checklist?
While checking these off, it’s a good time to make a list in a place where you can easily update it as things change (e.g. OneNote) and refer to it next time you change your phone.
The checklist could include:
- A list of Apps you need to check
- A list of accounts to check your logins on and which 2FA method you are using for each of them
- Where you keep your 2FA recovery codes
Remember it’s not just Authenticators but also some things like MyGov/MyID.
We recommend using Microsoft Authenticator to secure your Microsoft accounts.
We recommend the Google Authenticator for all your other accounts such as Xero, MYOB, and others. This is because exporting the 2FA settings for the accounts you have in the Google Authenticator is easier than in the Microsoft Authenticator. These have also been seen to transfer easily from one device to another.
Setting up your Microsoft Authenticator
When you connect your new phone you will have to set up your Microsoft Authenticator from scratch, and then you should enable Passwordless login.
You will need to know your Microsoft Password to do this. Remember, your password is different to your PIN. If you don’t know your password then please contact your IT support for assistance.
Once done you should go back into your Microsoft Account and look for any Microsoft Authenticators that are on your old device and remove them.
Retiring your Old Phone
Your old phone will almost certainly contain private and confidential information, so to protect your identity and safeguard your data you should factory reset and wipe the phone.
We recommend having the store wipe it in front of you and you should see the default out of box startup experience happen after this has been done. Doing a “factory reset” yourself is not hard so if you are comfortable doing it yourself, then do that.
There are many different devices on the market but here are links to reset an iPhone and an Android phone.