I’m currently locked out of my Twitter because I had 2FA via Google Authenticator. My phone messed up and I had to factory reset it. So naturally, I lost my 2FA codes for some accounts. Twitter is the big one for me. I contacted Twitter Support almost a week ago but I have yet to hear back from them. Anyone have any ideas?
Google Authenticator usually offers backup codes upon installation. Do you recall having those saved somewhere?
Too little too late, but I use LastPass Authenticator as it saves my codes.
I too was locked out of my Twitter account as it randomly signed me out of all devices. I had at one time used SMS, then switched to one time codes (Authenticator). Twitter wanted me to use BOTH to sign in again (3 factors). I had since ported that number to voip.ms, and it couldn’t receive the SMS.
After a few weeks of unanswered support emails, I wasn’t finally able to reset my PW with my one time token.
Best of luck to you. This is the danger of MFA.
Yes, a bit late for the OP, but I always print out the QR-code and the recovery codes for just such an eventuality and keep them in a safe place.
It saved my bacon this week. I set up accounts for my wife with 2FA on Google and Outlook.com a while back and she broke her phone. At the weekend I wanted to add a backup Yubikey, but it wouldn’t let me log on without an authenticator code. I had to dig out the Google recovery codes to unlock the account for her.
Depending on whether you trust it, I have been using Authy for years to keep it all backed up so a broken phone is not an issue.
Did you try clearing your 2FA security settings from a logged in browser or device? This should work in all cases.
Otherwise try their recovery/password reset procedure if there is an option and it may allow an alternative option to gain access to your account.
According to their help section, be aware of the following:
I do have backup codes for my Google Account. Would that be the same thing?
The problem with this for me is I was only logged in via my Twitter app on my phone. I wish I would have logged in via a web browser first.
You would need a backup code for Twitter.
Twitter does have single use backup codes. You are required to be logged in to receive them but you should be able to use them to login without 2FA if you have one backed up or written down.
This doesn’t help the lock-out, but I’ll recommend OTP Auth to hold authenticators. It allows you to sync via iCloud, back them up to a file, and has other cool features.
I started with Google -> Authy -> OTPauth. Good stuff; recommended by @sggrc. Unlike Authy, the developer doesn’t control sync of your data. But as @Pommster said, it’s all who you trust.
This is the scary bit right - when this happens it’s a complete nightmare. I am simply too scared to invest in 2FA for this very reason. I know I should do it - but I just try to keep really strong passwords with LP. Best of luck. Love to hear how you manage to solve it. Printing the QR’s - if only I knew that idea years ago. Kinda too late for me now. I just hope the ones I do have never get lost somehow.
This is the reason why Authy solved this problem. It syncs the code to multiple devices, including PCs (via the cloud.) In theory you need one of these devices to allow any new device to join those able to sync (which is a form of 2FA for Authy itself.) I keep my old phone (with no SIM and a failing battery) on WiFi (plugged into power) sitting beside my desktop computer for just this use case.
Ok, good to know that. However, is it true though that you can’t always use Authy on all services? It’s not always a choice, is it? I do have Authy but last time I tried to use it, it asked me for a password for the backup. I thought I knew it but clearly not - nothing I normally use would work. And I don’t seem to be able to clear it and start again. And the service I tried it with now has that old setup somehow locked in - I think. So that’s why I’m so dead scared to re-enable 2FA on that service since I can’t get back the Authy setup I had started. Where do I go to ‘reset’ all that and start again? These are just a few of the questions I have running around my head without even beginning to try it again. I often think I should try again to use it but the thought of getting stuck just scares me off again.
Well nothing is going to help you with a forgotten password. But you’d be no further behind if you lost your 2FA TOTP tokens and didn’t have a backup. As for recovering a lost Authy, I donno, as I have never had this experience. I suspect they may have some FAQ’s on their site though? https://authy.com/help/ the first link appears to be “Reset Account.”
Thanks for the link. Yes the lost password sure is a show-stopper. My only choice is to reset the app - and there was help on that in the FAQ. One day I’ll muster the courage to give it another shot. Printing the QR’s is an excellent idea. That is absolutely the way I’ll do it next time. Cheers mate
Here is an update:
It has been almost a month since I lost my 2FA with Twitter. I sent two support tickets and have yet to receive an update from them. I did find out that sending that second ticket was a bad idea. Apparently the more tickets you send the more it puts you behind in the support queue. Today I sent a second email via the automated support email they sent me 20 days ago. I was very nice in that email, and noticed that my previous email could have been taken as rude.
My tips for other people with this issue would be:
-Only submit one ticket
-Be nice in the email you send them
I’ll keep you all posted if I hear anything.
That’s rough. Losing 2FA is one of my nightmares, even though I follow Steve Gibson’s lead by retaining a hard copy of the setup keys for all accounts.
Sidenote off-topic - DAE hear that Bruno Mars song “Locked out of Heaven” whenever they read this topic title??