Part I: How to recover from losing 2-factor verification credentials.

Posted by Sagiss LLC on Fri, Dec, 23, 2016 @ 13:12 PM


You're locked out of your account, which uses 2-factor authentication (2FA). Now What?

Well, there are a couple things you can do, and more importantly, a couple things to prevent such a frustrating problem from ever happening again, hopefully.

First, for those that may not know what 2FA is, it's an essential security measure that uses your phone to help prevent unauthorized access to your account, usually by way of text message or an app like DUO.

There really are only a handful of solutions if you get locked out of your 2FA credentials, but hopefully one of the following can and will help.

Bust Out Those One-Time-Use Backup Codes

The quickest solution would be to use your 2FA security codes or tokens. Many 2-factor services will give you a set of codes/tokens that can only be used to access your account one time. If you have these codes (hopefully written down or stored on a secured device), they can be used to unlock and access your account instantly.

If they are stored on a password manager (more on that later), just use the master password and login to retrieve the codes.

No Phone, No Problem


The next easiest, but not timeliest, solution would be to get another phone. In most cases, the first thing you did when you set up your 2FA was to input your phone number for a quick text if you get locked out.

If you did indeed do this and you don't have access to your back-up codes, then getting a new/old phone activated with your current phone number would work. The hardest part is waiting for the phone and getting it activated.

After you have successfully switched to another phone, try logging in. There should be some text that says something to the extent of "problems with code, send another."

Sign in from a trusted computer. If you have previously used a computer to login and made your account remember that computer, you might have luck gaining access without a verification code. If you don't have your backup codes, turn off 2FA verification once you're logged in until you can gain access from your device again.

If you have access to your voicemail, some accounts will let you retrieve a verification code via your inbox. Just fill out the appropriate information and access your voicemail from another device. NOTE: be sure to erase the message after you have access to your account.

Some accounts also have an account recovery form that you can fill out. This step requires various account verification methods and may vary depending on the account type. It may take a few minutes to complete, but is obviously worthwhile.

These are the main ways to gain control of your account that uses 2FA. If there are others not discussed here, please feel free to comment below and we will update this post accordingly!


 Further Reading:

Part II: How To Prevent Losing 2-Factor Verification Credentials