Authenticator for Fitbit

Adding a 2FA code

You can enter the code manually or by scanning the QR code.

By scanning the code

  1. Go to the app settings page.
  2. On the settings page for the app, click Add Account.
  3. Click Scan Code, then click the Scan Code button on the web page that opens. Take a picture of the QR code with your camera. If the code is detected, you will get a success message. If you get an error, try taking a clearer picture.
  4. If you get the success message, go back to the settings page and click the Fetch Code button. If the request is successful, you should see the information filled out. Make sure the Service and UserId are what you want (there should be no need to update them, but if you would like a different name, feel free to change it; however, don't modify the Secret field).
  5. Open your watch and go to the app. Click the name of the created key.
  6. Enter the code into the verification field prompted by the site.
  7. If the site gives you backup codes, save them in a safe location, as they will help you log in if there is a problem with the Auth app.

Is it secure

As long as you are not on public Wi-Fi, it should be secure. Read below for how it works.

  1. A random key and a unique id for the scan are generated on your mobile and sent to my secure site, which scans the code.
  2. Once you scan the code, the information contained in the code is encrypted with the key that was sent; this encrypted data is sent to my server and stored in its database.
  3. All data sent is deleted after around 5 minutes.
  4. When you click Fetch Code on the mobile, both the key and the unique id are sent to my server, where the data is decrypted and sent back to you. Neither the key nor the decrypted data is stored anywhere; it is just sent back to you, so no one other than you can read your data.
  5. I am working on shifting decryption to the mobile itself; however, it doesn't give users the best experience, so decryption is done on the server.
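The flow above, simulated end to end as an added example (this is not the app's or site's own code). The names `RelayServer`, `phone_start_scan`, `scan_page_submit` and `phone_fetch` are made up for the illustration, the cipher is a standard-library stand-in (SHA-256 counter-mode keystream plus an HMAC-SHA256 tag, encrypt-then-MAC) where a real deployment would use an AEAD such as AES-GCM, and deleting an entry on a successful fetch is an assumption added here. What it shows is the property the list relies on: the relay only ever stores ciphertext, the key exists only on the phone, and an entry is unreadable after the timeout or with the wrong key.

```python
"""Added example: simulation of the scan-relay flow (not the app's own code).
Cipher is a stdlib stand-in for an AEAD; names are hypothetical."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

TTL_SECONDS = 5 * 60          # the page: relayed data is deleted after ~5 minutes
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode over SHA-256: `length` keystream bytes from key and nonce."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || HMAC-SHA256 tag over (nonce || ciphertext)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first (constant-time compare), then remove the keystream."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class RelayServer:
    """Holds ciphertext keyed by scan id; never sees the key except during a fetch."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._store: Dict[str, Tuple[bytes, float]] = {}   # scan_id -> (ciphertext, expires_at)
        self._clock = clock

    def _purge(self) -> None:
        now = self._clock()
        for sid in [s for s, (_, exp) in self._store.items() if exp <= now]:
            del self._store[sid]

    def store(self, scan_id: str, ciphertext: bytes) -> None:
        self._purge()
        self._store[scan_id] = (ciphertext, self._clock() + TTL_SECONDS)

    def holds(self, scan_id: str) -> bool:
        self._purge()
        return scan_id in self._store

    def fetch(self, scan_id: str, key: bytes) -> Optional[bytes]:
        """Decrypt for this one response only; plaintext and key are not retained.
        Removing the entry after a successful fetch is an added assumption."""
        self._purge()
        entry = self._store.get(scan_id)
        if entry is None:
            return None                       # unknown id, expired, or already consumed
        plaintext = decrypt(key, entry[0])    # raises on a wrong key; entry is kept
        del self._store[scan_id]
        return plaintext


# The three parties in the list above (hypothetical function names).
def phone_start_scan() -> Tuple[bytes, str]:
    """Item 1: the phone mints a fresh random key and a unique scan id."""
    return secrets.token_bytes(32), secrets.token_hex(16)


def scan_page_submit(server: RelayServer, scan_id: str, key: bytes, qr_payload: str) -> None:
    """Item 2: the scanning page encrypts the decoded QR contents under the phone's key."""
    server.store(scan_id, encrypt(key, qr_payload.encode()))


def phone_fetch(server: RelayServer, scan_id: str, key: bytes) -> Optional[str]:
    """Item 4: Fetch Code presents key + id and gets the plaintext back."""
    data = server.fetch(scan_id, key)
    return None if data is None else data.decode()


if __name__ == "__main__":
    srv = RelayServer()
    k, sid = phone_start_scan()
    # Constructed sample payload: the kind of otpauth URI a site's QR code encodes.
    scan_page_submit(srv, sid, k, "otpauth://totp/Example:alice?secret=JBSWY3DPEHPK3PXP&issuer=Example")
    print(phone_fetch(srv, sid, k))
```

Running the file prints the relayed URI once; a second fetch with the same id returns nothing, a fetch six minutes later returns nothing, and a fetch with a different key fails the tag check before anything is decrypted.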

How do I set up codes in both my phone app (e.g. Google Authenticator) and my watch (Recommended)

  1. Follow steps 1-4 above.
  2. Don't enter the verification code yet. Scan the QR code in your authenticator app as well.
  3. Enter the code generated on the Fitbit or in your authenticator app to verify your 2FA.

Manually setting up codes

  1. If you are unable to scan the code, most sites allow you to get the text code instead. Make sure you enter the code exactly, without any spaces.
     • Ex. for Dropbox
  2. Enter that key into the Secret field.
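What the Secret field holds and why spaces matter, as an added example (not the app's code; the function names are made up). `parse_otpauth` pulls the Service, UserId and Secret fields out of the otpauth URI a QR code encodes, which is the data Fetch Code fills in; `normalize_secret` accepts a text secret the way sites display it (grouped with spaces, lowercase, dashes) and turns it into raw key bytes; `secret_decodes_as_typed` shows that a strict Base32 decoder rejects the spaced form outright, which is the reason for the "without any spaces" instruction; `totp` then computes the 6-digit code from the key bytes with the standard RFC 6238 arithmetic, checked against the RFC's published test vector.

```python
"""Added example (not the app's own code): otpauth parsing, secret cleanup and
TOTP generation. Function names are hypothetical; the TOTP math is RFC 4226/6238."""
import base64
import binascii
import hashlib
import hmac
import struct
import time
from typing import Dict, Optional
from urllib.parse import parse_qs, unquote, urlparse


def parse_otpauth(uri: str) -> Dict[str, str]:
    """otpauth://totp/Service:user?secret=...&issuer=... -> the three fields the app shows."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    label = unquote(u.path.lstrip("/"))
    params = {k: v[0] for k, v in parse_qs(u.query).items()}
    service, _, userid = label.rpartition(":")      # label is "Service:user" or just "user"
    return {"Service": params.get("issuer") or service,
            "UserId": userid,
            "Secret": params["secret"]}


def normalize_secret(text: str) -> bytes:
    """Strip whitespace and dashes, upper-case, re-pad to a multiple of 8, Base32-decode."""
    s = "".join(text.split()).replace("-", "").upper().rstrip("=")
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def secret_decodes_as_typed(text: str) -> bool:
    """True only if a strict Base32 decoder accepts the text exactly as entered."""
    try:
        base64.b32decode(text)
        return True
    except (binascii.Error, ValueError):
        return False


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % 10 ** digits
    return str(code).zfill(digits)


def totp(key: bytes, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter = floor(unix_time / step)."""
    now = time.time() if at is None else at
    return hotp(key, int(now // step), digits)


if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32,
    # displayed the way a site might show it (grouped, lowercase).
    as_shown = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
    print("accepted as typed:", secret_decodes_as_typed(as_shown))   # False
    key = normalize_secret(as_shown)
    print("code at t=59:", totp(key, at=59))                          # 287082 per RFC 6238
```

The RFC 6238 reference vectors make the arithmetic checkable offline: with that key, the code at Unix time 59 is 287082, at 1111111109 it is 081804, and at 1234567890 it is 005924.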