I lost my TOTP key and recovery code

Hello,

I lost my TOTP key and recovery code due to a mistake with my password manager (Bitwarden).

The support can’t help me because I have a free account. (https://support.gitlab.com)

Should I give up my account? Have I lost it?

Thank you

Hi @jb10,

Support will sure help you out!

In the meanwhile, if you have SSH set up with GitLab! Try this

https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html#generate-new-recovery-codes-using-ssh

I don’t have SSH set up.

And no, the support don’t help:

" Hey there,

Thanks for contacting GitLab Support.

As of 2020-08-15 GitLab Support is no longer processing requests to disable two-factor authentication
for free accounts that do not have a GitLab.com subscription, to safeguard the security of our users. For more information about this change please see our post on the GitLab Blog. Please note that this ticket will automatically close itself out within 1 hour.

If you believe that you received this response in error and already have a
GitLab.com subscription, please reply with the organization or subscriber name and the
email address the subscription was purchased under.

For more information on our support policies and the community-driven support
resources available to you, please see our statement of support.

If you’re interested in purchasing a subscription, please see the pricing page
for information on pricing, features, and support response times for each subscription level.
You can also contact our sales team. "

1 Like

Oh wow! This is rude!

I’m afraid you have to consider your account lost, as it is explained in the link the support gave you: https://about.gitlab.com/blog/2020/08/04/gitlab-support-no-longer-processing-mfa-resets-for-free-users/

You can find some discussion about it here: GitLab Support is no longer processing MFA resets for free users

Thank you

Great, I’ve lost my projects.The gitlab.com service really sucks.

Same thing happened to me with GitHub when I left a company due to mass layoffs. The keys were on their equipment so I lost my account.

Treat these things as a single point of failure. I’d rather take the security risk of a user/pass/email and still have access to my account even if something got hacked versus these keys where authoritarians won’t cooperate and you lose everything.

I can’t understand how anyone would think that getting hacked is worse than losing everything. It’s a technology that people have not fully checked out all failure scenarios to understand what the worst case consequences are.

2 Likes

Thanks to RGPD (Or GDPR), I managed to recover my data. So I have my projects and commits…

1 Like

The RGPD team is good. Too bad I can’t get my account back. Especially since I was able to recover my data…

1 Like