My github account seems to be locked.
I have 2FA and the code (from my phone - google authenticator) is not working.
I have saved my recovery codes (16 of them) safely in my lastpass during account creation and they are also not working.
There was an option to use "previously used personal access tokens" and that is also not working (It is in my keychain - so no way of losing it).
Don't know what to do.
Can somebody help me please.
I am using google authenticator for github 2FA code. My scenario is as follow
I can enter my password.
Google authenticator is gone after lost my phone. So I cannot type 2FA.
I choose Use a recovery code or request a reset.
I don't have recovery code and I choose Locked out? Try recovering your account.
Step 1: I do Verify an email associated with this account.
Step 2: I try Verify a device, SSH key or personal access token, I got the situation as follow.
I cannot choose any options in Step 2. The options are disable. I would like to know why this is happened. And I would like to get suggest to get out of this stuck. I would like to know directly mail contact for github support. I am asking in here because I cannot login to ask in support.github.com.
I have searched for this and found answers that do not work in my case. I would appreciate some thoughts on this
I have set up a github page at: https://ir-ischool-uos.github.io/mwpd/
Some users reported that when they visit the page, an error about security is displayed, like this on Chrome:
- However, many users say it works ok for them.
I have found some sources say that this only happens if your link contains 'https' instead of 'http', but tested on two computers, one mobile phone and one tablet they both work fine. I also found source that say I should use GitHub page's https support, and I checked my setting this already is ticked.
Is there anything I can do to fix this for every user?
Thanks
This error could happen because of numerous of reasons. For example:
The server certificate (or at least one of the certificates in the chain of trust) is not among the trusted certificates that the browser/system maintains (maybe an outdated list?). Try to update the browser/system.
The date/time on the system is not configured correctly.
The connection is being intercepted (by an attacker?) and the certificate is manipulated, hence the SSL connection handshake process could not complete.
Your connection is not private error appears on websites using the SSL / HTTPs protocol when a browser is unable to validate the SSL certificate issued by the website.
Basically, any website using SSL / HTTPs protocol sends a security certificate information to users browsers upon each visit. Browsers then try to validate the certificate using the public key accompanying the certificate.
If it checks out, then users browser encrypts the data using the private key sent by your website. This encryption secures the data transfer between a user’s browser and your website.
I have checked it accross 3 different connections and they all worked just fine.
I believe the problem could be from the users. They may need to clear their cache, check if their clock is set correctly, their antivirus could be stopping it. And their browsers may be outdated.
What I will advice is just (https://support.github.com/contact). They could check to verify if this is an issue from the server or not.
But from what am looking at, this may be an issue with the user's device.
Also here are a few links you could refer and see if all settings on your own part are rightly set;
[1] https://github.com/docsifyjs/docsify/issues/236
[2] https://help.github.com/en/github/working-with-github-pages/securing-your-github-pages-site-with-https
[3] https://help.github.com/en/github/working-with-github-pages/troubleshooting-custom-domains-and-github-pages#https-errors
I hope this helps. Let me know!
If you are using a school/college wifi, most probably someone has your credentials and he/she is using it at the same time as you so basically when he/she is using the web you'll get this message, you should probably change your password or switch on VPN.
If the WiFi/other network used to access the website in question is a school or public network, some 3rd-party software used by it's administrator might be trying to prevent or override the connection to your website.
That might happen in order to display an error message (e.g. "Website access prohibited"), a captive portal (network login window), or just to watch the data being sent around.
Since you're using HTTPS it was prevented when the certificate check failed, because with HTTPS in place that software has no way of presenting it's own page or eavesdropping, other than creating it's own certificate with your website name in it on the fly. Which, of course, was rejected by the browser, since either the user didn't expect it, or, if it's indeed a school/company network, the PC wasn't properly enrolled for use on the said network.
Either way, there is no problem with your webpage itself. Because Github manages the server for your Pages, chances you could create something causing that problem yourself are pretty much zero.
Sometimes it happens because of the wrong IP/DNS settings. Checking the below places might help resolve the issue:
Make sure you are using a common public DNS server. How to check the DNS server you are using depends on your operating system. Moreover, if you are using a VPN client and it has a DNS configuration, check that setting too.
Check if there is an IP address associated with GitHub in the system's hosts file. In Linux and macOS you may use sudo vi /etc/hosts. If there is one, turn that line into a comment by adding # at the beginning of the line. Save, exit, and check if you see that error again. Do step 3 only if you are still getting the same error.
Go to https://www.ipaddress.com, search for github.io, and add its IP address at the bottom of /etc/hosts file like this example: 140.82.114.4 github.io.
Hope this helps.
I am officially blocked with 2FA! I cannot login to my Github account while I was able to do it before using one of the recovery codes. I changed my phone and the authentication app doesn't work on the new one. I used one of the codes before to login and it was successful but now none of the codes are working. I also don't have a recovery token. Does anyone have any idea what to do at this point?
Oct. 2022: see also "How to recover github password without using 2FA credentials".
Apr. 2019: If none of the methods described in "Recovering your account if you lose your 2FA credentials" would work (like a fallback number), then you would need to:
create a new GitHub account
contact GitHub support and see if it is possible to negotiate merging back your old account with this new one.
This situation is problematic for private repos, and GitHub does mention:
For security reasons, GitHub Support may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery methods.
Still, only the support can tell you definitively what is possible in your case.
The OP Rubbic confirms in the comments:
I contacted github and what I ended up doing was creating a new account and they suggested that after six month they can reassign my previous email to the new account.
But I lost my previous projects and everything in it!
Lesson learned: use text message authentication, it's the easiest and safest option.
Wally adds in the comments:
Github replied after a few weeks.
The only thing they could do was to release my email and username from my account.
It is still possible to push through Git Bash and some other third party tools such as TortoiseGit (if those tools had been installed before you lose your 2FA credentials).
I don't know if anyone has any suggestions but I am in a bind!
I've lost access to my GitHub account via switching phone numbers and having 2FA enabled.
ssh -T git#github.com
I get denied, but I've provided GitHub with essentially everything I can, which are all my public SSH keys, password, correct email, a keychain on my Mac saying that I've logged in. I've made the mistake not getting recovery codes and I don't have access to the old phone. My past 1.3 years work of code is on GitHub for my company and I don't store any of my code on hardware as fear of theft, I know that's also a mistake, but it's a fear of mine.
It looks like I'm out of options according to GitHub, which is why I've came to StackOverflow. Are there any workarounds, I know EVERYTHING about the account, my credit card is on file.
The only thing I can think of is showing up to the offices with my ID and credit card on file. As my profile picture is me.
Any suggestions are appreciated. I have the public SSH keys, and a public key generated for one of my organizations, and still couldn't get 2FA disabled.
There should not be a workaround, especially for private repos, considering that "Recovering your account if you lost your 2FA credentials" states:
If you've lost access to your account after enabling two-factor authentication, GitHub can't help you gain access again.
Having access to your recovery codes in a secure place, or establishing a secondary mobile phone number for recovery, will get you back into your account.
So if the Git repos are cloned anywhere in your company, you might get them back. But not from GitHub itself.