Last week was a tough time in my life.
I bought a new Sony mobile phone and gave my old one to my son. Then, I factory reset the old phone. Since I used to log in to my GitHub account through the browser's auto-fill feature, I had forgotten that I had set up 2-factor authentication for my GitHub account!
Then, something happened. After clearing the browser's cache and browsing history, I couldn't log back into my GitHub account. I had lost my 2FA device, and I didn't have any recovery codes.
GitHub's help page says:
Warning: For security reasons, GitHub Support may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery methods.
I had a sinking feeling when I read this paragraph. I had no fallback phone number, no recovery codes, no FIDO U2F keys, and no recovery tokens stored on Facebook - I had nothing that could help me recover my account.
It seemed like the only thing I could do was to write numerous emails to GitHub Support and hope to receive responses from them.
Finally, three days later, a GitHub Support staff member named Clark replied to my email. He said:
If you don't have valid recovery codes, you may be able to verify account ownership using an SSH key you have added to your account. To do this, please run the following command on the computer where your SSH key exists, and send us the full output:
ssh -T git@github.com verify
In the end, Clark helped me disable my 2FA, and I was able to log in to my account again.
Comments
Hi, I read through the method to recover the recovery code and disable 2FA. I used the same command in my terminal, but unfortunately it says permission denied (public key). Can you please suggest a solution to access my repository?
Hello. The method I mentioned is only available if you have access via CLI. If you don’t have permission via CLI, you have to send an email to the GitHub support team to ask for help recovering your account.
I got brand new hardware (phone/laptop). Since I cannot get the PAT or SSH information to restore my 2FA, even if I have the password to my GitHub account, I cannot get back on GitHub. The only solution GitHub can provide me is to replace the account with a new one with the same email address and user name.
I lost my Google auth app, as I had to hard reset my phone. At the same time, I installed a new operating system on my laptop, so I lost everything. I don’t have recovery codes or a verified device; I only have access to email. What should I do? Please help.