I lost my TOTP key and recovery code


I lost my TOTP key and recovery code due to a mistake with my password manager (Bitwarden).

The support can’t help me because I have a free account. (https://support.gitlab.com)

Should I give up my account? Have I lost it?

Thank you

Hi @jb10,

Support will sure help you out!

In the meanwhile, if you have SSH set up with GitLab! Try this


1 Like

I don’t have SSH set up.

And no, the support don’t help:

" Hey there,

Thanks for contacting GitLab Support.

As of 2020-08-15 GitLab Support is no longer processing requests to disable two-factor authentication
for free accounts that do not have a GitLab.com subscription, to safeguard the security of our users. For more information about this change please see our post on the GitLab Blog. Please note that this ticket will automatically close itself out within 1 hour.

If you believe that you received this response in error and already have a
GitLab.com subscription, please reply with the organization or subscriber name and the
email address the subscription was purchased under.

For more information on our support policies and the community-driven support
resources available to you, please see our statement of support.

If you’re interested in purchasing a subscription, please see the pricing page
for information on pricing, features, and support response times for each subscription level.
You can also contact our sales team. "

1 Like

Oh wow! This is rude!

I’m afraid you have to consider your account lost, as it is explained in the link the support gave you: https://about.gitlab.com/blog/2020/08/04/gitlab-support-no-longer-processing-mfa-resets-for-free-users/

You can find some discussion about it here: GitLab Support is no longer processing MFA resets for free users

Thank you

Great, I’ve lost my projects.The gitlab.com service really sucks.

Same thing happened to me with GitHub when I left a company due to mass layoffs. The keys were on their equipment so I lost my account.

Treat these things as a single point of failure. I’d rather take the security risk of a user/pass/email and still have access to my account even if something got hacked versus these keys where authoritarians won’t cooperate and you lose everything.

I can’t understand how anyone would think that getting hacked is worse than losing everything. It’s a technology that people have not fully checked out all failure scenarios to understand what the worst case consequences are.


Thanks to RGPD (Or GDPR), I managed to recover my data. So I have my projects and commits…

1 Like

The RGPD team is good. Too bad I can’t get my account back. Especially since I was able to recover my data…

1 Like

I was in the same situation two months ago, and the recovery with SSH request did not work.
I sent a request to the support and I had no answer.
But !!! I retry the SSH request today and it works ! (ssh git@gitlab.com 2fa_recovery_codes)
I got my account back.
I hope that it helps you, @jb10.

I suggest also installing an app called “Authy” and using this instead, since the app has a backup feature, and you can even use it on multiple phones/devices. So, if I lose my phone, no problem, I get another, install authy, restore using my backup password and I got my 2FA access.

Not all 2FA apps are great, I used to use Google Authenticator, but considering the Authy benefits, I don’t even need to download the recovery codes ever. I also use Yubikey, so I can get access to Gitlab with 2FA time-based codes, or Fido/U2F device as I connected both to my login.

For other apps that don’t offer this restore functionality, there was the option to save the recovery codes and print it out or other methods to store it, so an account can always be recovered by yourself if you took all the necessary precautions in the first place. But if you didn’t do this, then there is no one else to blame except yourself. Gitlab doesn’t have to give free support, when you could have guaranteed access to your account by doing all the previous mentioned steps.

Hi, execute this:

ssh git@gitlab.com 2fa_recovery_codes

In console with ssh key.