I just spent a day and a half recovering my GitHub account after the code in my 2FA application stopped working for authentication. GitHub has a good support article on how to recover your account that has this ominous warning on it:
> Warning: For security reasons, GitHub Support may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery methods.
I was worried that I wasn’t going to get access to my account back since I didn’t have a copy of my recovery codes, so I reached out to GitHub support and was able to work with them to get access using my verification token from an SSH session.
If you have 2FA enabled on your account, you should make sure you have the following:
- Access to your recovery codes.
- That `ssh -i ~/.ssh/github_rsa -T git@github.com verify` returns a verification token.
- A fallback number on your account for SMS 2FA.
Hopefully, no one else has to go through this, but I figured I would write up my notes since they were fresh in my mind.