New best story on Hacker News: Tell HN: It is impossible to disable Google 2FA using backup codes

599 by gravitronic | 309 comments on Hacker News.
I would like to inform the HN community, if your plan to recover your Google account in the event of losing your phone is to use a 2FA backup code, or SMS recovery, to remove the old 2FA setup and set up a new 2FA code, that that may not be possible.

My situation: I had 2FA set up with my Google Account through Google Authenticator. I lost my Google Authenticator settings when I broke my phone. I have 2FA backup codes. These successfully log me into my Google Account.

In order to disable 2FA, or generate new 2FA backup codes, I need to access the 2FA settings page under the Security tab. When I try to load the Two-factor authentication page, I am forced to re-authenticate with Google. When re-authenticating to access the 2FA page, there is no option to enter a 2FA backup code or SMS verification to pass the 2FA challenge. The only option under "Choose a way to verify" is to enter a 2FA code. Entering a backup code instead of a 2FA code returns an error.

What am I supposed to do in this situation? Yes, this is a classic "maybe I can get support through public shaming" attempt. Thanks in advance.
