DO Ideas 2

Enable a recovery option for two-factor authentication

Currently if I lose my phone (it has happened before and will happen again), or if I move and change my number I will lose my ability to login via two-factor auth (2FA).

Upon adding 2FA to my account you should provide a recovery code in case I lose access to my Google Authenticator. It will be up to me to keep the code in a safe place in the event of an emergency.

  • Zach Bouzan-Kaloustian
  • Sep 11 2018
  • Shipped
  • Sep 11, 2018

    Admin Response

    We've made this change and announced it as part of an update to 2FA today. Changes include the ability to have downloadable codes as a backup method. You can check out the changes in the Security section of Settings or read more about it here: https://www.digitalocean.com/company/blog/updates-to-digitalocean-two-factor-authentication/ Thank you for the feedback!
  • Attach files
  • Kotya Karapetyan commented
    September 11, 2018 17:10

    Currently there seems to be no option to get around the TFA if my phone battery is empty, or my phone is broken, or stolen. DigitalOcean will try to send me an SMS, but it doesn't help in all these cases.

    I would be good to have an option to:
    - use my email to receive a recovery link;
    - provide a second phone (e.g. my wife's or brother's number) to receive a code by SMS in case the primary phone is not accessible.

  • David Svarrer commented
    September 11, 2018 17:10

    Hmmm. Google provides an extra / alternative phone line, that works ! I have severally had low battery on my primary line, or, my primary line was in the charger while the secondary was in my pocket. It is very easy, and the 6 digit code is just sent to the pre-defined, secondary line.

  • Ivan Manida commented
    September 11, 2018 17:10

    recovery code is already available - just scan the barcode with any scanner to get the number, or save the picture, done.