What if Wise card and phone go missing?

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › What if Wise card and phone go missing?

MartinGZ

359 posts

Ultimate Geek

Subscriber

#306068 25-Jun-2023 16:12

You have your phone (and cards) stolen, how do you get Wise to cancel things? Quick answer – you don’t, at least not quickly. Longer answer is you can, but only if you prepare beforehand. Much of this may apply to other apps that rely on 2FA. Especially problematical overseas.

Wise seems pretty good, but I was doing a bit of “what if” testing when travelling. The worst scenario is possible (think handbag, bum bag etc), and as far as I can see Wise has no recovery procedure for this, other than contacting them. If anyone can come up with an easier method that would be great.

If you have secure access to the web, you still can’t access Wise, as Wise tells you to use your phone to authenticate the login, but your phone has been stolen and like the thief is going to let you in – NOT. Wise Help has absolutely no advice about how to get around this, the nearest advice is for a phone number change which may not/probably won’t solve this issue.

The following methods are those that may or may not work, in my order of preference. I’ve only tested one of them.

Have a backup phone (with Authy) and perform SIM swap. NOT tested. Take backup phone AND SIM Swap card with you. Phone NZ provider and get SIM Swap done to backup phone or even a new phone. Best to have recorded IMEI and SIM numbers of existing phones. This option will solve a lot of issues with other apps as well. Block old SIM and phone.

Have a backup phone with Authy loaded. Tested. You need to have Authy and have it registered with the Wise app (needs to be done through web version of Wise.) Authy needs to be installed and possibly your financial apps. Personally, I would not have financial apps on a backup device – if you don’t have a safe, where do you put your spare phone? They can always be installed later. Authy cannot be installed later if, as you should, you have multi-device turned off.

Phone/chat/email Wise, but they have very restricted hours (seem to be Mon-Fri 0800-1500 UK time) and seem hard to get hold of from what I’ve read. NOT Tested. Difficult finding the right page on the Help screen. A few links below.

Get a new phone number (and phone?) NOT tested. I assume that the new number assignment needs the existing phone and hence the existing installed Wise app. There is no discussion in the Wise help about a new number AND a new phone.

I’ve also written myself instructions for Option 2, will add these to the post if anyone asks. Using Authy with Wise is not as straight forward as it should be.

Authy Help Lots of good info

Talk to our team | Wise Help Centre (Login first? Hours seem to be Mon-Fri 0800-1500 UK time.)

What should I do if my Wise card is lost or stolen? | Wise Help Centre

I’ve changed my phone number and can’t log in | Wise Help Centre

I've forgotten my password | Wise Help Centre

Nokia 6110, 6210, 6234, Sony Ericsson XPERIA X1, Huawei Ideos X5 (Windows Mobile), Samsung Galaxy SIII, LG G4, OnePlus 5, iPhone Xs Max (briefly), S21 Ultra. And I thought I hadn't had many phones - but the first one around 1997.

freitasm

BDFL - Memuneh
79254 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3094805 25-Jun-2023 19:10

Also note that you can have Authy on a computer and automatically sync your codes.

jonherries

1395 posts

Uber Geek

Trusted

Subscriber

#3094813 25-Jun-2023 19:48

Yeah I have mine in 1password now.

robjg63

4096 posts

Uber Geek

Subscriber

#3094916 26-Jun-2023 08:56

What if on the Wise login screen (Web browser), you click the 'I haven't received a code' (or whatever the message is) when it is waiting for you to use the app to authenticate?

I guess that is something of an issue with any 2FA that needs your phone.

I have 2FA turned on for my ANZ banking and it sends a code to my phone for login purposes.

If you were overseas and got your phone and wallet stolen, you couldnt easily log in and turn off your cards...

Not really a problem just with Wise cards.

Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

turtleattacks

914 posts

Ultimate Geek

Trusted

#3094953 26-Jun-2023 09:42

Looks like you can change the number if you upload ID.

So I was wondering if getting a new number, new phone would be a solution?

This is likely an automated (AI) solution.

----

Creator of whatsthesalary.com

MartinGZ

359 posts

Ultimate Geek

Subscriber

#3095061 26-Jun-2023 13:19

@freitasm.

Agreed, but I was more thinking of the travelling situation where I have no access to the desktop, sorry if that didn't come across. At home in NZ none of these issues would occur. The multi-device part of Authy is why I chose it in the first place, I think back in 2015.

@jonherries.

I think you are saying you are using 1Password to provide the TOTP token. If you do this, you no longer have 2FA. I someone hacks and steals the 1Password database (think LastPass), and if they crack your PW vault, it is toast. Having a separate 2FA app ensures they cannot gain access. And surely you would protect your PWM with 2FA, so you need another app to open the PWM in the first place. I use Bitwarden and it has the same facility, but I opted to use a separate 2FA app. That said, this whole thing is getting so complicated that there are times where I might consider doing it on a temporary basis, for individual logins such as Wise. I certainly wouldn't do it for my main banking app.

@robjg63.

"you click the 'I haven't received a code' ". Yes that is my Option 2 above, but you need access to your authenticator app.
Totally agree on the rest of it. I call it Circular 2FA. The app needs a 2FA token, but the 2FA is provided by the app on the device. Protects your database on the server, but is a right PITA if someone steals your phone. As I hinted in the first paragraph, it does of course apply to other apps. I was against Kiwibank not providing TOTP 2FA for login, but now relieved they don't. They rely on secondary questions after password entry, which in effect is a form of 2FA.

@turtleattacks.

Yup, that was my Option 4 above. However, given what I know about Wise, I'm assuming that would be a new number to your existing phone and currently installed and active app, as they are likely to try to authenticate through the app. But of course I don't know for certain. Want to try it out for me 😁? Nowhere in their help files could I find it referring to new number AND new phone.

jonherries

1395 posts

Uber Geek

Trusted

Subscriber

#3095085 26-Jun-2023 14:38

I think if they get into 1Password I am pretty toast in general.

I wonder about having it in another password manager or app. Presumably it needs to be backed up (otherwise same problem as Wise has) and it could as easily be hacked by someone who is motivated as 1Password (I am not sure either of these are easy)?

Perhaps a hardware key is useful, but in that don’t know if it works with phones?

Jon

MartinGZ

359 posts

Ultimate Geek

Subscriber

#3095211 26-Jun-2023 23:33

jonherries: I think if they get into 1Password I am pretty toast in general.

Not if you have your vault protected by 2FA. They may figure out the password, but unless they have the 2FA token, the vault will not be unencrypted. At least that's my understanding, and indeed the whole point of 2FA. Which is why the authenticator should be a separate app. It at least buys more time.

jonherries: I wonder about having it in another password manager or app.

Initially thought yeah/nah, then thought I'd give it a go. I have a copy of Dashlane that was about to expire (tried it out but went for Bitwarden), so I generated a few new keys for a couple of logins with 2FA, and added them to both Dashlane and Authy, and both worked fine. Running the two together you can see the same token being generated.

Dashlane needs a website link to add a new login, but anything will do e.g. bloggs.com. You can then get Dashlane to add the 2FA code to that entry by scanning the QR code. One of the nice things about Authy, is you can change the default entries so that the names and logos do not link to the account. You can do the same with the entries in Dashlane, so even if someone gets access to the Authenticator, they haven't a clue what the entries refer to. Of course if they gain access to both the PWM and the Authenticator apps, it wouldn't take long to figure it out.

Adding Dashlane to a new device requires the normal passwords, but it also generates an email with a code, so you need to have email on the phone first. Not a big issue and it is way easier than adding Authy to a new phone.

So I'll be generating new 2FA codes from Wise and adding them to both Authy and Dashlane, long term I might do away with Authy, but will give it a few months. The advantage of Authy is it is free. Don't know if the free version of Dashlane allows TOPT generation.

It's still a bit of a mission reinstalling Wise on a new phone, but at least the 2FA aspect will be easier.

Many thanks for the idea Jon.

Apps that can add 2FA generation to a password entry follow (please add if you know for certain. NB, most PWMs will have 2FA protecting the App but few have TOTP generation for individual logins):

Bitwarden

1Password

Dashlane