Forget authentication and backup codes

i cant able to sign in becaue i lost my authentication and bakup codes in my phone which get lost in last week please help me

Hello there,

If you forgot the backup codes then it will be hard to restore your account unless Admin can remotely login to your account and disable 2fa for you which I’m not sure if he can since I don’t know that much on how the Client Area’s 2fa work.

Just some advice, always print a hardcopy of your backup code and keep it somewhere safe like a password.

4 Likes

Then what can i do now???

Direct message our @Admin. Maybe he could help you with that.

How can i do that ???

Click on his name then click on that Message.

Admin disabled his account from recieving private messages meaning nobody can’t PM him directly here on this forum.

5 Likes

so now???

can i able to delete my account and creat5e a new one for using same mail ??/

Cannot you see them again in your account? You’re already logged in.

pardon please

He meant that since you’re already logged in here on this forum that means you should already be logged in on the Client Area.

i tried that but when i go in client area the authenticator get occours

Sigh. Ok, since for whatever reason the 2FA gets triggered (it should have been triggered already if you tried signing into the forum) you will have to make a seperate forum post asking the Admin to fix it for you.

2 Likes

From a technical level, I can disable two factor authentication. Remember: I wrote the client area code and have administrative access to the servers running it. So I can change whatever I want whenever I want it.

However, I won’t disable two factor authentication on any account by request.

The point of two factor authentication is that (drumroll please) you have two factors of authentication. The email address / password combination is one, and the two factor device / recovery codes are the second one.

If we would just disable the second factor in response to an email, the security benefit of that second factor would be completely nullified. We would be betraying the trust of our security conscious users by bypassing two factor authentication in that way.

So it’s your responsibility to backup the recovery codes. The method to do that is up to you, just make sure they are stored safely to make sure that you and only you can access it.

If you lose both your recovery codes and your 2FA device, you lose access to your account. Just like how you lose access to your account if you lose both your password and access to your email address.

If you want to read a tale about what happens when support staff bypasses critical security checks, just read what happened to the owner of the Twitter handle “@N”. I have no desire to get a similar story about InfinityFree.

9 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.