Copilot Lvl 2
Message 1 of 3

Locked out from Two Factor Authentication.


Hello, recently I enabled Two Factor Authentication (2FA). I did it with the help of Google authentication, which I later came to know is not at all reliable. I also stored recovery codes, which also keep changing when we change the security settings.

So right now both of them are not working; I am locked out of my account.

So to recover my account I used my Facebook token, and also emailed support about the same (to review my token, as it was ready for review). It's been 2 days and I have got no response. So what should I consider?

 

2 Replies
Solution
Copilot Lvl 2
Message 2 of 3

Re: Locked out from Two Factor Authentication.

Finally got access to the account. This post helped me, I think. Thanks community!

Pilot Lvl 1
Message 3 of 3

Re: Locked out from Two Factor Authentication.

Hello, recently I enabled Two Factor Authentication (2FA). I did it with the help of Google authentication, which I later came to know is not at all reliable.

 

There may be some other issue going on with your phone related to time. I have been using and administering GitHub as well as other applications that use Google Authenticator for many years without issues. A lot of companies and individuals out there rely on Google Authenticator (multiple times) every day. Like anything, nothing is perfect, but I would encourage you not to jump to conclusions about the overall reliability of a product used by hundreds of thousands of people because of a very small number of issues. Quite a few other time-based MFA applications out there are based off the Google Authenticator implementation.

 

I also stored recovery codes, which also keep changing when we change the security settings.

 

What are you changing? From what I have observed, the only time your codes will regenerate is when you log in, go to https://github.com/settings/security, then click "Show" under the "Recovery codes" section, and then "Generate recovery codes".

 

On a more general note, I would recommend using hardware-based MFA solutions where possible. I have multiple YubiKeys, one of which I can use for recovery should I lose or damage one of them. I use this as well as the software-based app. I would also avoid SMS-based solutions (even as a fallback), as they have been susceptible to issues for years. If you use a Facebook token for recovery, you want to make sure you have properly secured your Facebook account, as that could be exploited by malicious actors to gain access to your GitHub. While this may sound a little far-fetched, I have actually seen this happen with multiple companies to gain access in hopes of finding vulnerabilities in proprietary products, use it to launch an attack against applications/infrastructure if CD is present, etc.