#Account recovery

I lost my 2FA device and can't find my backup codes. Is there any way I can recover access to my miraheze account?

<@&443815384798461953> Can someone help here?

CVT does not handle account recovery - that's the tech team, I think

I'll ping @frigid glen then. He'll know.

I think the tech team handles matters like these.

I could be wrong about that.

Trust and safety gives the yay or nay to a situation and directs Tech to unlock if applicable i think

Rhinos will confirm

See https://meta.miraheze.org/wiki/Help:How_to_reset_lost_credentials and then send some proof to [email protected]

We will liase with T&S if needed

T&S own the policy but we carry it out so there's sometimes a discussion with them but we'll get their consent if needed.

Hm, both the committed identity and GPG options require that I have that set up before I lost access to the account, no?

I suppose there is the third option which is the tech team knowing me. Not sure what that would require.

Yup

We don't know you

If you don't meet any of the conditions, you can try and find other proof but it will have to meet a high standard

Figured as much

Will I have to initiate the process by emailing sre first to ask what kinds of other proof is possible? Or would asking here for example of other proof save an email?

@frigid glen Is it possible to use other platforms where he is registered under the same username, to post a message, that he is the user on Miraheze? (Just thinking out loud)

You can ask here

Generally no

Proof should be beyond reasonable doubt

And it should be clear that the user either intended to use it as a proof and accepted the risk or be traceable by us to ensure it isn't also compromised

We can't use discord as there's no proof you have 2FA on discord we can verify and they might have hacked your discord too

For example

Thanks for the explanation.

Hmm this is rather tricky. The only other things that tie me to MH are Phab and my wiki bot. Phab I can’t log into because I can’t log into MH. Dunno how the bot acct will help though

Not that it helps me lol but speaking of Discord 2fa as verification, I vaguely recall 2fa being bypassed due to session hijacks a while back

It's probably unlikely we'd be able to recover

That's not a formal determination but I don't see much of a route

Perhaps... Requesting usurping the account from a new one, so you can continue with the same username. Your old account would become "Chaotic (old)" or something similar.

You'd want to place a notice on the talkpage of the account, and state that you intent to usurp that account. After a month, you could request usurpation via Steward Request.

Huh... I am either very smart or so very dumb for putting my recovery codes somewhere I didn't think they would be

Before I mess anything up, would I be able to disable and re-enable TOTP without that original device? When I try to disable it, there is a warning that says that all the recovery codes will be invalidated

wdym?

it doesnt care about what device you use if you have the credentials and codes

I don't have the device that has the TOTP codes anymore so I can't get a token at all

if you use a recov code to disable, you can get a new TOTP secret

Ah I thought those would be disabled first; I guess my reading comprehension is bad 🤦‍♂️. Thanks.

the old codes would exist on the device but just not work anymore

Makes sense, just didn't know if I could use my recovery codes in place of that when disabling it.