I've done a bit of experimentation which is related to [this question](https://android.stackexchange.com/q/257132/40347) . 2FA has been active on accounts, however, Find My Device seems to no longer require the second factor - only password is required. This seems to be the case when using an authenticator app, as well as the case of using a phone as a passkey. I also tested using a VPN to make my desktop IP one in another country. Can anyone confirm this or have an canonical links to this change by Google? I guess this makes sense in the case of a lost device where you need to log into a fresh device in order to locate it, and your device was the second factor. However, on the negative side any threat actor with your password only can locate your device and lock or reset it, albeit with a notification sent to you first.

If I use Passkeys, do I need to enable 2fa and mfa or a physical security key?

I use a service for which I'm forced to use two-factor authentication whenever I log in. It's pretty inconvenient and unnecessary, so I would like to automate accepting the authentication request when it arrives on my phone. The service uses an Android app that sends a notification when an authentication request arrives. When I then open the app, I need to insert a 4-digit PIN code which accepts the request. I tried using an automation app (MacroDroid) to open the 2FA app whenever it sends a notification and simulates the four clicks. However, this only works when the phone is unlocked, and as far as I understand, I will run into this problem with any automation app. The goal is to accept any authentication request without having to interact with my phone. Is there a way to insert the code without unlocking my screen? Would I have to root it? Or do I just have to keep my phone permanently unlocked?

After installing the Microsoft Authenticator in a new device, I logged on to my MS account and all my 2FA app codes are there, as expected. Perfect. After installing Google Authenticator , no codes appear: The ***Transfer Accounts > Import accounts*** option simply shows the attached dialog asking me to *go to my previous device* to continue. Is this some kind of sick joke from Google? What happens if my "old device" was stolen, lost, dropped from a bridge, bursted into flames or otherwise destroyed? I simply loose access to ALL my 2FA accounts. **Any ideas what's the procedure in this case?** This is all theoretical, I've never lost a phone, but it could happen anyway and I prefer to anticipate to this. Of course now my main 2FA codes app is Microsoft Authenticator, but the Google app should have considered the option of users losing phones somehow, otherwise the Device Locator app from Google would be pointless.

I can not log in with 2FA from Microsoft Authenticator. Although the time is correct on my Android phone, when I use the authenticator app, I can not log in to my sites. It displays the wrong code. How to fix this? I tried to set my phone date/time to automatic but the problem remains. I googled and find on the search there is an option to sync time inside Microsoft Authenticator, but I can not find this option in the settings menu.

I'm starting to use Google Authenticator for more and more things now, but I've just realized that if I lose my phone, or if I need to wipe and restore it to install new firmware, I will lose all of my codes. Is there anyway to back them up please? Or some kind of fallback that means I can restore it to a new device?

I moved an account from phone x to phone y and secured the account so that phone x had no access anymore. Next I enabled 2FA through the phone number on the new phone, phone y and **discarded** phone x. That worked fine. Then I changed my phone number without updating the 2FA. On phone y I sent an e-mail to myself to confirm that the account was at least working, which it was. When I tried to login on a new phone to the account I ran into problems with 2FA because of the now-defunct phone number. Oddly, the option to hit "tap" on a phone was presented as an option. However, there was no message on phone y about this. No model was mentioned, so possibly it was an alert for phone x for some reason. I went into account settings on phone y and *believe* that added an additional number for 2FA after entering the pattern to confirm that phone y was mine. I also had a confirmation code sent to a secondary e-mail. This I thought would be the solution. Trying to sign-in on phone z to this account brought up an option to sign-in, now specifying phone y by model. However, there were no alerts on phone y as I would expect to see. Ultimately, it turned out that I was now signed out of the account on phone x. I had an e-mail sent with a confirmation code, again, and entered the confirmation code. Now the account is locked for twenty four hours. Clearly, I should've confirmed that phone y was logged into the account and connected. Unfortunately, when logging into the account on phone z the phone number was still listed as the old number. I'm waiting twenty four hours for an e-mail from Google while they evaluate, but is there something else I could've done here? Now that I'm logged out of the account on phone y it's seemingly now behind a wall of 2FA with an old phone number.

I would like to be able to generate *pingID* 2FA keys from a generic OTP app such as freeOTP for Android, authy for windowsOS or an OTP app of a smartwatch. The service allows me to enrol 2 devices and at the moment I have a device with the official "pindID" client. To enrol the 2nd device the admin page generates a QR and provides a key/string Updated: Originally I was using the default QR or the 13 numeric string to enter manually. But I've discovered that it is possible to generate different ones through selecting "authenticator. Then, this QR is recognized by 3rd party apps and the string is 32digits alphanumeric. Now the device appears as paired in the pingID/pingOne console. However,the device generated code is not working on pingID auth prompts. BTW, there are differences with pingId client: PingID client requires to log with a 6 pin password and code/token is renewed after seconds generic OTP apps, don't require app and the code/token is renewed after much more time 3rd party apps tried: Android: (freeOTP, freeOTP+,Aegis) WIndowsOS: Authy Smartwatch one (not android) pingID=pingidentity from https://www.pingidentity.com

For Google 2-Step Verification (Android) Google prompt, from Google UI, it states that 'After you enter your password, Google prompts are securely sent to every phone where you're signed in.' But, that is not true. I have 3 phones which are signed in. But Google prompt keeps popping up only on one phone. This annoys me much because I don't take that phone with me all the time. I don't want to sign out that phone because I need to use it sometimes too. How can I let Google prompt send to all the signed in phones? (OR temporarily block that one without signing out)

I accidentally broke my OnePlus 5 which contained the recovery codes for my Instagram and Facebook, both were using Authy as their two factor authenticator. Thing is I apparently don't remember my Authy backup password either, I've tried all my common passwords. I logged into Authy on an old phone (Moto G5 Plus), I've tried all my common passwords, none of them seem to work. There's no other way I can login to my Instagram. For Facebook they're asking for a government ID which I'm not comfortable providing. Authy is the only thing preventing me from accessing my Instagram and Facebook. Is there any way I can brute force the password out of Authy on my phone? There's no desktop version or Firefox extension/add-on that I can use to login to unfortunately. Or is there any other method that I'm missing? Any small help would be deeply appreciated. Thank you

How do I set the time on Android, including setting the seconds? I have an android handset that has no SIM, is permanently on airplane mode, and therefore doesn't sync its time from cell towers. I use TOTP 2FA for many of my accounts, and sometimes the clock on my Android isn't precise enough to produce a valid OTP token. Therefore, I'd like to set the time manually, and TOTP would greatly benefit from being able to set the seconds as well. Unfortunately, it appears that the default "Settings -> System -> Date & Time -> Set time" route only permits me to set the hour & minute. First, when I set the time with only the hour & minute per above, does the seconds field get set to 0? Or does the seconds field remain unchanged from before setting the updated time? Second, how can I set the seconds in addition to the hour & minute? Bonus points for an answer that includes a GUI app from f-droid. The CLI works, but it's not exactly accessible to most.. Is there no app in f-droid that supports setting the time with seconds? I used to use NTPSync , but now it appears to not actually change the time after a successful ntp query. fwiw, I'm using LineageOS and Android 9.

I've recently changed my gmail password and now i forgot password before this time i was able to reset it by OTP that Google sent to my number for verification but this time i enabled 2FA and Google asking some more steps to verify like when is my account was created. I submitted all the things together with an email address to reach me but at the last it shows 'Google couldn't verify it's you'. Please, Is there any solution and steps where i can change this in my Google App for android ? *My account don't have any recovery email, it includes only phone number for verification.*

I have my Outlook app synced to a number of different accounts, including Gmail, Blacknight, and 3 different Outlook 365 email accounts. For the last 36 - 48 hours, 2 of the Outlook email accounts have been constantly requesting me to sign back into the account, using TFA. This seems to happen every 2 hours or so. I've tried going into the settings, and resetting the accounts, but this does not seem to work. From memory, the settings on the email accounts are set to require TFA every 14 days. This issue does not happen for the other accounts linked to the Outlook app. - Outlook version is 4.0.16, last updated on the 19th Sept 2019. - Android version is 9, with patch security from 1st August, 2019. - Phone is a Samsung Note 8. Any suggestions on how to resolve, as it is very annoying?

My google account is requiring I [confirm my identity using an Android device](https://support.google.com/accounts/answer/6046815?hl=en) , but I have no android devices. I had logged in with one over 4 years ago, but no longer have any (switched to IOS for work). I do have some Windows VMs and thought to possibly run the Android Emulator to simulate an Android device, but had thought from past experience that Google Play Services wouldn't run through the emulator, so likely many of these types of features wouldn't work. Thoughts on how to get past it without having to buy a $50 TracPhone, which just seems like simple extortion? I see no google-groups or other means of contacting google-account-services support.

Can an Android device be used for 2FA for an Apple/iCloud account? Google didn't return anything useful. (Couldn't find any appropriate tags to use)