Hello, recently I enabled Two Factor Authentication (2FA). I did this with the help of Google authentication, which I later came to know is not at all reliable. I also stored recovery codes, which also keep changing when we change the security settings.
So right now both of them are not working, and I am locked out of my account.
So to recover my account I used my Facebook token, and also emailed support about it (to review my token, as it was ready for review). It's been 2 days and I have got no response. So what should I consider?
> Hello, recently I enabled Two Factor Authentication (2FA). I did this with the help of Google authentication, which I later came to know is not at all reliable.
There may be some other issue going on with your phone related to time. I have been using and administering GitHub, as well as other applications that use Google Authenticator, for many years without issues. A lot of companies and individuals out there rely on Google Authenticator (multiple times) every day. Like anything, nothing is perfect, but I would encourage you not to jump to conclusions about the overall reliability of a product used by hundreds of thousands of people because of a very small number of issues. Quite a few other time-based MFA applications out there are based off the Google Authenticator implementation.
> I also stored recovery codes, which also keep changing when we change the security settings.
What are you changing? From what I have observed, the only time your codes will regenerate is when you log in, go to https://github.com/settings/security, then click "Show" under the "Recovery codes" section, and then "Generate recovery codes".
On a more general note, I would recommend using hardware-based MFA solutions where possible. I have multiple YubiKeys, so I can use one of them for recovery should I lose or damage one of them. I use this as well as the software-based app. I would also avoid SMS-based solutions (even as a fallback), as they have been susceptible to issues for years. If you use a Facebook token for recovery, you want to make sure you have properly secured your Facebook account, as that could be exploited by malicious actors to gain access to your GitHub. While this may sound a little far-fetched, I have actually seen this happen with multiple companies to gain access in hopes of finding vulnerabilities in proprietary products, use it to launch an attack against applications/infrastructure if CD is present, etc.
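The time dependence mentioned in the answer above, as an added example that is not part of the original thread: time-based authenticator codes follow RFC 6238, so a phone clock that has drifted produces codes the server rejects even though the shared secret is correct. The secret and timestamp are the RFC 6238 test values; the acceptance window of one 30-second step either side is an assumption, not GitHub's documented setting.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the usual TOTP time step

SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real account key
SERVER_TIME = 1111111109          # RFC 6238 test timestamp, used as "server now"


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the given clock reading."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, code, server_time, window=1, digits=6):
    """Return the step offset that matched, or None if none did.

    window=1 (assumed value) accepts the previous, current and next step.
    """
    for offset in range(-window, window + 1):
        expected = totp(secret, server_time + offset * STEP, digits)
        if hmac.compare_digest(expected, code):
            return offset
    return None


def drift_report(secret, server_time, drifts, window=1):
    """Map each phone clock drift (seconds) to the verification result."""
    report = {}
    for drift in drifts:
        phone_code = totp(secret, server_time + drift)  # what the app shows
        report[drift] = verify(secret, phone_code, server_time, window)
    return report


if __name__ == "__main__":
    for drift, hit in drift_report(SECRET, SERVER_TIME, [0, 20, 90, -120]).items():
        status = "rejected" if hit is None else f"accepted (step offset {hit:+d})"
        print(f"phone clock {drift:+4d}s -> {status}")
```

A rejected code at a small drift is fixed by turning on automatic network time on the phone; the secret does not need to be re-enrolled.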