Symantec Developer Group

(my question is ONLY in the context of 3rd my party accounts,  such as Merrill Lynch, eTrade,  eBay , PayPal  ect...  not for your place of work using VIP 2FA where you can easily contact your work IT admin)

My question is-  on the Sym. VIP access iOS app, how do I login to My Paypal or My Merrill Lynch account *IN THE CASE that* i get a *new* iPhone ,  or have to do a full iCloud Restore ?   as the VIP App's Credential ID will of-course CHANGE on new device/restore,  *thus* the 30s generated VIP Sec Code will not match up with my prior codes  (so i wont be able to login to account at that point).

The KB / faq doc gives this unacceptable answer to my question:
"Use the new Credential ID. 
You will need to register the new Credential ID with the vendors you use your 2FA (2 factor authentication) services with.  Each vendor will need you to update your Credential ID with them "

So how exactly do you "register the new Credential ID with the vendors"  IF you CANT login to the account any longer??

If the answer is to have a backup method to logging-in to your various accounts,  such as SMS backup,  that defeats the ENTIRE purpose of using 30s generated codes.  (as all a hacker has to do is click i dont have my VIP access code, and you are back to SMS based 2FA)

I have used TOTP based QR codes for many years,  and these QR codes i physically BACKUP/PRINT offline,   when i initially scan them into VIP Access .  ( so i can always re-scan them into any new phone or device i may have to get in the future, and can still login to these services).

I have searched the Symantec Forums vigorously, and the only "answer" i found to this:
" Contact your Workplace IT admin to update your Credential ID"
(un acceptable, as im asking about ebay, eTrade ect...  its un-reasonable to expect users to have to call in and prove their identity to ALL their VIP 2FA (non-QR code) based accounts EACH time user gets a new phone or does a restore.  Thats also assuming EACH of these providers's phone support reps even KNOW what a Symantec VIP 2FA Credential ID is...)

I have also read this FAQ / support doc,  but it does not offer a complete or valid answer :

http://www.symantec.com/docs/TECH236551

Please let me knwo the answer or way to address this issue.

Thank you!
-D

I definetly have this question also.. this is for the QR code enabled dual authentiction in the VIP application. I just called support and after two technicians soke to me they still did not know the answer to this question. I have been using LastPass as an authenticator app in my iPhone. LastPass backsup the codes for you so if you change your phone they can be restored. Does Symantec have this feature?

Link to article regarding LastPass Authenticator Cloud Backup: https://lastpass.com/support.php?cmd=showfaq&id=11272

My Questions is: "ABOUT THE VIP APP CREDENTIAL ID BASED SECURITY CODEs  (which you CAN NOT backup ,  as far as i can tell)".

AMANDA:  just  *SECURLY* save and/or print out your QR codes,  you can re-scan them in when/IF you get a new device.  if you dont have access to the QR codes anylonger,  then login each xyz service, and re-generate + re-scan them and then save them.

Althought i can say i share the same frustriations as amanda,  in that calling Symantic support did not help (they had no answer for this), +  neither symantic's KBs nor their chat support contain any info which resibmles and answer to this question.  Google searches also do not turnup anything addressing this issue/question (beyond " Update your Credential ID" at xyz provider/service,  which you CANT access wo codes)

tks

Hi there -

The website or other resource you are logging adds an alternative method for logging in. This is often the 'forgot password' feature, where you reset your password and add your credential ID after using other means of verifying who you are. Checking eTrade and PayPal websites, this is how they do it.

You are correct about the security codes - these are algorithmatically generated and cannot be backed up or re-used.

Hope this helps. Please reply with any additional questions.

No backup solution is present (as for Authy or MS Authenticator) as I see, but when you set up 2FA with Symantec VIP you also get a secondary method in place, so I guess when the smartphone is broken (where the VIP-app is/was), you then use the secondary method (SMS to another phone where you inserted the old SIM-card). Then disable 2FA from the account and then re-enable 2FA on the account (and then register a new VIP-app in i the new phone)...

It would be good if Symantec could confirm this process...

/Nomen