Last week is a tough time of my life.
I bought my new Sony mobile phone and gave my son the old one then factory reset the old phone. Because of logging in my GitHub through browser's auto-remember, I had forgotten that my GitHub account has 2-factor authentication set!
And then some things happened. After clearing the browser's cache and browsing history, I could not log in to my GitHub anymore. I lost my 2FA device, and I didn't have any recovery codes in hand.
According to GitHub's help page, it says:
Warning: For security reasons, GitHub Support may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery methods.
I had a bad feeling when I saw this paragraph of text. I had no fallback phone number, no recovery codes, no FIDO U2F keys and no recovery token stored on Facebook - I had nothing that can get my account back.
It seemed like the only thing I can do is to write a lot of emails to GitHub Support and expected to receive responses from them.
Eventually, three days later, a GitHub Support staff, Clark, replied to my email and told me.
If you don't have valid recovery codes, you may be able to verify account ownership using an SSH key you have added to your account. To do this, please run the following command on the computer where your SSH key exists, and send us the full output:
ssh -T firstname.lastname@example.org verify
Finally, Clark helped me to turn my 2FA off, and I can log in to my account again.