An initial problem with 2FA and logging into BlockFi has turned into an interesting problem that I am not sure has been satisfactorily resolved.
On trying to log into BlockFi today I discovered that my 2FA token was not being recognised.
In order to log in I used the original Recovery code that is created when you first sign up. Obviously this is not a satisfactory solution and I must have a valid 2FA token for future use.
This is a problem that I have encountered before with other applications and I thought I had the solution. Firstly check and reset the time on my 2FA generator, in this case Google Authenticator (other authenticators are available) , there is an option in settings that sync’s your device to the servers at Google. No joy. So after searching for solutions one suggestion I saw involved resetting the on the device used to login.
This contradicts my understanding of how the 2FA token works and would involve the syncronization of 3 time stamps. The timestamps on
the application, the 2FA generator, the computer
To my mind the time stamp on the computer should be irrelevant (as only the App and the 2FA generator need to be in sync ) but worth a try under the circumstances.
So I check that the time is correctly set on my Linux PC and reset.
name@computer :~$ timedatectl set-ntp yes
Still no joy….. as my PC is dual boot I thought I would make doubly sure the system time was working by resetting the time under Windows (10).
2FA still NOT working
My only solution at this point is to login using the recovery code, switch OFF 2FA and then switch 2FA back on to create a new token. This still did NOT work. To cut a long story short to create a 2FA token that works under Google authenticator I first had to DELETE the token in Authenticator, rather than just scan and REPLACE.
So the fault lies with Google authenticator when generating and replacing the token but does not occur when deleting the token and generating a new token.
The fault could also lie with my phone by not saving the new code correctly when using scan and REPLACE.
Lastly I still have no idea why the initial 2FA token I was using failed after using it successfully for a number of weeks.