None of the 2FA "recovery codes" I previously got from GitLab.com work anymore

I see people ask completely different kinds of questions here, but this is where GitLab.com support is pointing me.

I’ve been using GitLab.com for some personal scripts and scribes for over 7 years now. Once upon a time, GitLab.com asked me to add a 2FA device to my account and I refused to do so. Instead, GitLab.com gave me 10 “recovery codes” that I can use in place of the string that would typically appear on my 2FA device.

All of a sudden, none of my recovery codes work anymore (yes, I’m entering them correctly, they are in my password manager).

Any ideas on how to recover my account now?

If you uploaded an SSH key to your account you can generate them yourself. Two-factor authentication | GitLab

If not, search the forums; there are hundreds of posts that already say what to do in such situations, and it’s a bit boring for us to keep repeating it. Unfortunately, GitLab support no longer resets or gives access to accounts that didn’t secure it properly themselves to enable recovery via SSH keys, or by using Authy as an app instead of Google Authenticator or others that don’t allow you to restore to a new phone like Authy does.

Recovery codes are just that, to be able to gain access to your account when you forget your 2FA. I find it strange that you don’t want to use 2FA when it secures your account, but since recovery codes are only usable once, it’s not surprising that finally you lost access.

Requesting new codes via SSH worked.

Thanks!

To the best of my knowledge, all mentioned 2FA implementations come with their own privacy and tracking risks.

Honestly, I don’t even remember how I got my initial “recovery codes” and what they were, it was a long time ago. Now I see you have it all explained around the place you referenced above. They seem to be OTP. My bad.

Anyway, I believe this post can be a valuable source of reference for others.