Guild Wars 2

Greetings,

On Christmas eve, December 24th, I broke my smartphone that contained the Google authenticator app. I have since bought a new phone and contacted support for removing the link to the authenticator app on my old phone. The experience was smooth, and the support team was very responsive and helpful.
However, I was a bit surprised that there’s no automated process for this. Since phones can get stolen/broken, it would be much more efficient to implement a system using the same method Steam Guard does. When an authenticator is set up on Steam, the user receives a recovery code in his email which he’s instructed to keep. Since my Steam authenticator was on my old phone as well, I simply logged into my Steam account and cancelled the authenticator with the recovery code that was just sitting in my email, waiting for his time to shine. I’m not a developer myself, but it seems like this would not be too difficult to implement, plus it would save you a lot of time on cases like mine.
Personally, I find the need to contact support and wait for a response a deal breaker for using the authenticator app. I know there’s also SMS verification, but using a different method isn’t a solution but merely means of avoiding the problem.

Cheers,

The code you used to initially create your authenticator is your “recovery” code. That code can be used again whenever you want to create the same authenticator. Storing it in your email however is a vulnerability.

When I set up my Authenticator app, I was given a code and told to store it in a safe place (in case I needed to set up and use again). (It wasn’t sent by email though, but part of the installation process. We choose the safe place to store it.) Isn’t that the same thing?

Or does that not work with Google?

I had just now set up the Google authenticator again to see if there really is a recovery code and there definitely isn’t one. To unlink you’re required to put in 2 consecutive codes, which requires you to have access to the authenticator.
I think they should provide you with another code when you set up the authenticator that will enable you to remove the authenticator should you lose access to it somehow.

Nemo.4095:

I had just now set up the Google authenticator again to see if there really is a recovery code and there definitely isn’t one.

The “recovery” code is the key you’re initially given to setup your authenticator. It doesn’t unlink your authenticator, it allows you to recreate your actual authenticator. Authenticators are very simple, as the generated codes are basically a combination of that key + time, so you can reuse that key to make however many identical authenticators you want.