2FA recovery codes (was: Re: Migrating 2FA to a new device)

Raymond Toy toy.raymond at gmail.com
Thu May 9 19:49:16 UTC 2019 

Glad it worked out. And now I need to make sure I actually have my recovery
codes for c-l.net. :-)

On Thu, May 9, 2019, 12:14 PM Dave Cooper <david.cooper at genworks.com> wrote:

>
> Hi Raymond,
>
> Thanks for the reminder about emergency recovery codes.  Note that those
> codes are account-specific, so for example when you set up Two-factor
> Authentication for a particular gitlab account, it presents you with a list
> of codes which will work for that gitlab account. Google also presents a
> list of backup codes, but those will only work with your Google account,
> and so on (even though all these accounts have their dynamic PIN code being
> generated by Google Authenticator, they each manage their backup codes
> separately).
>
> In my case when I originally wrote the email, I didn't have my emergency
> recovery codes for gitlab.common-lisp.net, and the dynamic PIN on the
> Google Authenticator on my old phone was not working. So I appeared to be
> in a bind and in need of admin assistance. It turned out that the reason
> the dynamic PIN on the old phone was not working was nothing to do with my
> having migrated the Google code to a new phone, it was just because the old
> phone was offline and/or its clock was not set correctly. As soon as I put
> the old phone online and the clock corrected itself, the code started
> working for other services and presumably would have worked for
> gitlab.common-lisp.net as well (but by that time the admins had disabled
> my 2FA and I had already re-enabled it on the Authenticator on the new
> phone).
>
> But yes, the recovery codes on gitlab.common-lisp.net will most certainly
> work, in case your phone is lost or damaged. If you don't have yours now,
> you can regenerate a new set of them by logging into
> gitlab.common-lisp.net and visiting User Settings -> Account ->
> Two-factor Authentication.  Consider this a PSA for everyone to print those
> out and put that paper in your secret safe place (as well as cut out a copy
> for your wallet).
>
> Dave
>
>
>
> On Thu, May 9, 2019 at 2:45 PM Raymond Toy <toy.raymond at gmail.com> wrote:
>
>> The emergency recovery keys you created should work.  But I've never
>> tried that on common-lisp.net, so I don't actually know. I've only
>> used that on other sites where I didn't have my HW key and needed to
>> login and I had my recovery keys with me.
>>
>> On Thu, May 9, 2019 at 11:15 AM Dave Cooper <david.cooper at genworks.com>
>> wrote:
>>
>>>
>>>
>>>
>>>
>>> Hi, I just changed phones and installed Google Authenticator on the new
>>> phone, and migrated my Google code to the new authenticator.
>>>  But my common-lisp.net code (and some other ones e.g. Cloudflare) are
>>> still on the old phone.
>>>  But the common-lisp.net one (on the old phone) doesn't seem to work
>>> anymore.
>>>  Is there a way to migrate this to a new phone without logging in (I
>>> doubt it).
>>>
>>> If not, can the admin temporarily disable my 2FA so I can get in and set
>>> it up on the new phone?
>>>
>>> --
>>> My Best,
>>>
>>> Dave Cooper, david.cooper at gen.works
>>> genworks.com, gendl.org
>>> +1 248-330-2979
>>>
>>>
>>
>> --
>> Ray
>>
>
>
> --
> My Best,
>
> Dave Cooper, david.cooper at gen.works
> genworks.com, gendl.org
> +1 248-330-2979
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/clo-devel/attachments/20190509/9f593020/attachment-0001.html>

More information about the clo-devel mailing list