GitLab Support is no longer processing MFA resets for free users

just about to dust of some old projects. realized i don’t have authy code on my new phone.

my old laptop with ssh access has long since been wiped.

now i have no way to recover my account… seems bad

can my account be deleted so i can at least create a new one with my email…

such a strange decision

Same here, my phone got crushed, and I didn’t use GitLab in a while. Account lost and all my old projects.

I can’t even sign up for their “premium” service because it also needs the 2FA code :sweat_smile:.

Last time I host anything on gitlab.

Just found that my account is lost forever.
I’ll never use GitLab.

After reading all the previous replies to this thread. I feel like I will be talking to a wall, but I hope GitLab cares enough to find a solution to the legitimate use case discussed by many replies in this thread.

I am one of the users who lost the 2FA device and the recovery codes. I am willing to pay for the GitLab Premium subscription, or pay for some kind of GitLab support service to help me recover my account or temporarily disable 2FA so I can gain access and reconfigure 2FA on my new device.

I also accept a time-bound solution (like someone mentioned GitHub provide) where I wait an amount of time before disabling 2FA for my account so I can regain access. I think it’s been a year or more since I lost access to my account. I was hoping a solution would be available by now, but I’m a bit disappointed.

I hope someone cares enough to contribute a solution to this issue, because even though the last question in the original blog post suggest it, I can’t even contribute a solution to my own problem because I can’t sign in to contribute.

Anyway, thank you for any efforts and thank you for allowing me to express my thoughts.

My mobile device broke in 2019, so I could not access my 2fa device. I could not find anywhere a recovery code, neither in my disk nor in cloud.

Today (07/12/2022) I found the private key I used in gitlab back in 2018. I didn’t remember the pass phrase but that was not a problem. I managed to get it after a successful brute force attack. I used the private key to ssh and reissue new recovery codes. I finally got access to my account almost four years later!!!

I didn’t do something special but it feels like I hacked the entire gitlab.

Please reconsider you decision and provide free users with a proper way to recover their accounts!

Lol you didn’t hack anything. You used the 2fa_recovery_code feature to generate new codes.

Can you please show me exactly where I wrote that I actually hacked gitlab?

I quoted what you said, you feel like you hacked the entire gitlab. And as I said, you didn’t hack anything lol. So weird statement.

This is so annoying. I lost my phone and I don’t have recovery codes or the ssh key. I can’t get back my gitlab account which has valuable repos. If money is the problem then at least charge a reasonable fee to disable the 2FA so that we can get our accounts back. I know my username and password and I can’t login to my gitlab account. This is ridiculous. If you can’t afford to support free users you shouldn’t have let us create free accounts. Don’t forget your roots. When you are not popular you wanted free users so that word get spread and become a premium service and now this is how you treat your free users. If you had only paid services from the day one then you won’t be in this successful position. Very pathetic decision by Gitlab. Shame on you,


Same here, it was my fault for not grasping the danger of losing my account with 2-step verification. However, I am just sad that I cannot recover my account and continue contributing to the OSS. I would like Gitlab to allow me to turn my locked free account into a premium account.

I am in a similar boat to a lot of comments here.
Enabled 2FA years ago when I was doing my internship because the company required 2FA for anyone to join the company org on GitLab. Recovery codes and stuff were all on the company laptop.
Finished my internship, handed in everything, now four years later, I cannot access my account anymore.
It is super frustrating because my account was registered with the handle that I identify with and use everywhere on the Internet.
I am willing to pay for the premium subscription to have my account recovered.