I am officially blocked with 2FA! I cannot login to my Github account while I was able to do it before using one of the recovery codes. I changed my phone and the authentication app doesn't work on the new one. I used one of the codes before to login and it was successful but now none of the codes are working. I also don't have a recovery token. Does anyone have any idea what to do at this point?
Oct. 2022: see also "How to recover github password without using 2FA credentials".
Apr. 2019: If none of the methods described in "Recovering your account if you lose your 2FA credentials" would work (like a fallback number), then you would need to:
create a new GitHub account
contact GitHub support and see if it is possible to negotiate merging back your old account with this new one.
This situation is problematic for private repos, and GitHub does mention:
For security reasons, GitHub Support may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery methods.
Still, only the support can tell you definitively what is possible in your case.
The OP Rubbic confirms in the comments:
I contacted github and what I ended up doing was creating a new account and they suggested that after six month they can reassign my previous email to the new account.
But I lost my previous projects and everything in it!
Lesson learned: use text message authentication, it's the easiest and safest option.
Wally adds in the comments:
Github replied after a few weeks.
The only thing they could do was to release my email and username from my account.
It is still possible to push through Git Bash and some other third party tools such as TortoiseGit (if those tools had been installed before you lose your 2FA credentials).
Related
My github account seems to be locked.
I have 2FA and the code (from my phone - google authenticator) is not working.
I have saved my recovery codes (16 of them) safely in my lastpass during account creation and they are also not working.
There was an option to use "previously used personal access tokens" and that is also not working (It is in my keychain - so no way of losing it).
Don't know what to do.
Can somebody help me please.
I am using google authenticator for github 2FA code. My scenario is as follow
I can enter my password.
Google authenticator is gone after lost my phone. So I cannot type 2FA.
I choose Use a recovery code or request a reset.
I don't have recovery code and I choose Locked out? Try recovering your account.
Step 1: I do Verify an email associated with this account.
Step 2: I try Verify a device, SSH key or personal access token, I got the situation as follow.
I cannot choose any options in Step 2. The options are disable. I would like to know why this is happened. And I would like to get suggest to get out of this stuck. I would like to know directly mail contact for github support. I am asking in here because I cannot login to ask in support.github.com.
I asked this question on the github community support forum, but I'll ask this here too since no reply there...
I am trying to setup a Github App to give some scripts limited Admin rights to some repos in an Organisation. The Organisation is (I believe) under an Enterprise account - we are using this currently instead of having an Enterprise server. I have created the App, transferred it to the Organisation, and one of the Organisation Admins (which I an not) has set me as the manager. So far so good. However, although I can see the App in the Organisation Settings, there is no “Install App” button. Also trying to use it in scripting gives 401 (A JSON web token could not be decoded) errors trying to get hold of a “PAT” for the app - even though the Admin has installed it into the app.
There is obviously something wrong but I’m at a loss. Does anybody know of some extra logs that can be looked at or have a suggestion on how to approach this. We’ve tried deleting the app and retrying - no different. I should say this is the third app I’ve created for transferring into the organisation this way - so far it has just worked.
We raised a support ticket on this so got a formal answer. I thought it might be useful to replicate the key part of the answer here. Essentially the issue is the fact this App has Admin rights. I am an Administrator on some of the repos, and am "App Manager" for this App, but I am not an Owner of the Organisation.
I quote:
"""GitHub App permission requests [control] access to a number of organization REST API endpoints... As these endpoints are outside the individual repository scope, only the organization owner can approve requests to add or change them. If this wasn't the case, App Managers who aren't organization owners would be able to grant an application the ability to view organization members and teams - which is private organization information that can otherwise only be granted by organization owners via inviting new organization members."""
Basically that is it. The original idea was to allow a central place to set some things that only an Administrator could set in a repo - c.f. branch rules. Seems that this can't be done as is with an App - the system just isn't flexible enough.
The alternative, which I know works, is to use the PAT of a user with Admin rights. That just feels less secure.
I had to get a new laptop and at the same time had to format my mobile where Google Authenticator was installed. Now when I try to login to my GitHub Account it asks for this 2FA option whereas I don't have it and also not sure what recovery keys its asking.
Is there anyone who has seen this issue. How can I get that bar code generated again for my account?
I have tried checking the internet but didn't find anything which could resolve this.
Have issue with only my Github Account.
GitHub provides instructions for recovering access to your account.
The first option it recommends is to use a recovery code¹, but it sounds like you don't have those. You would have received them when you first set up 2FA, and would have been prompted to put them in a safe place.
Another good option is to use your fallback phone number, assuming you configured one.
If neither of these options will work for you, please read the rest of the options listed on the page I linked above. You may need to contact GitHub support.
¹Note that you should also have received recovery codes for Google Authenticator itself. You should be able to use these to regain access to Google Autenticator which you can then use to log into GitHub.
I don't know if anyone has any suggestions but I am in a bind!
I've lost access to my GitHub account via switching phone numbers and having 2FA enabled.
ssh -T git#github.com
I get denied, but I've provided GitHub with essentially everything I can, which are all my public SSH keys, password, correct email, a keychain on my Mac saying that I've logged in. I've made the mistake not getting recovery codes and I don't have access to the old phone. My past 1.3 years work of code is on GitHub for my company and I don't store any of my code on hardware as fear of theft, I know that's also a mistake, but it's a fear of mine.
It looks like I'm out of options according to GitHub, which is why I've came to StackOverflow. Are there any workarounds, I know EVERYTHING about the account, my credit card is on file.
The only thing I can think of is showing up to the offices with my ID and credit card on file. As my profile picture is me.
Any suggestions are appreciated. I have the public SSH keys, and a public key generated for one of my organizations, and still couldn't get 2FA disabled.
There should not be a workaround, especially for private repos, considering that "Recovering your account if you lost your 2FA credentials" states:
If you've lost access to your account after enabling two-factor authentication, GitHub can't help you gain access again.
Having access to your recovery codes in a secure place, or establishing a secondary mobile phone number for recovery, will get you back into your account.
So if the Git repos are cloned anywhere in your company, you might get them back. But not from GitHub itself.