Update: Seems to have been fixed now; I have successfully re-enabled 2FA.
Leaving the rest of this here for posterity.
I set up my GitLab account a while ago, but today when attempting to log in I was unable to verify with my 2FA (Google Authenticator). After many failed attempts I resorted to using one of my recovery codes to access my account.
I then disabled 2FA and attempted to re-enable it (in case it was dirty state in the GitLab database). After scanning the new QR code and entering the TOTP my phone displayed, I was again greeted by "Invalid pin code" errors.
I tried multiple times, removing the entry from my Google auth app and re-adding it from new QR codes (refreshed pages), but all failed.
I have used the Google auth app for other applications today, so it appears the issue resides in GitLab.
I’m mainly posting here because the GitLab bug tracker recommends checking here first and I have not seen another post covering this or fixes for it.
Whilst I have access to my account again, unfortunately my organisation requires 2FA, so when I deactivated it I became at risk of losing access to the repositories (I’ve got 48 hours to re-enable 2FA).
For anyone experiencing this issue:
- If you can use a recovery code to access your account, do not remove 2FA. Instead, use the account as normal for a while and hope that 2FA begins to work before you run out of recovery codes (I assume it’ll be fixed within a few hours)