 

Why do GitHub 2FA recovery codes fail?

Tags: github, login

I am officially blocked with 2FA! I cannot log in to my GitHub account, while I was able to do it before using one of the recovery codes. I changed my phone and the authentication app doesn't work on the new one. I used one of the codes before to log in and it was successful, but now none of the codes are working. I also don't have a recovery token. Does anyone have any idea what to do at this point?

Rubbic asked Apr 04 '19 02:04




1 Answer

If none of the methods described in "Recovering your account if you lose your 2FA credentials" would work (like a fallback number), then you would need to:

  • create a new GitHub account
  • contact GitHub support and see if it is possible to negotiate merging back your old account with this new one.

This situation is problematic for private repos, and GitHub does mention:

For security reasons, GitHub Support may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery methods.

Still, only the support can tell you definitively what is possible in your case.

The OP Rubbic confirms in the comments:

I contacted GitHub and what I ended up doing was creating a new account, and they suggested that after six months they can reassign my previous email to the new account.
But I lost my previous projects and everything in it!

Lesson learned: use text message authentication, it's the easiest and safest option.

Wally adds in the comments:

GitHub replied after a few weeks.

The only thing they could do was to release my email and username from my account.

VonC answered Oct 01 '22 07:10