[Help] Lost Access to Google Authenticator, Can't Login

Kris · 2017-07-11 02:39:18 UTC

Hi There,

My phone got a trouble (hang and very slow) so I bought a new phone, and I wiped data on the old phone (I’m using Android). But I forgot to turn off the 2-FA setting on many sites include Cloudflare, and because Google Authenticator works differently compare to Authy, after I install it on my new phone, the setting was gone, not saved on their server.

I sent an email to cloudflare support at June 25, and I sent the verification data to turn off the 2-FA, but I didn’t get any reply anymore for the last 14 days.

Support ticket is: #1374236

Can I get my account back? I want to turn off Argo, and I want to hire an IT guy to optimize my website, but I can’t login.
And to be honest, another websites fixed this problem for just 1-2 days.

Thank you,
Kris

sdayman · 2017-07-11 03:07:41 UTC

According to Docs, you should have received a backup code when you set up 2FA on Google:

Otherwise, keep bugging Support.

Kris · 2017-07-11 05:20:05 UTC

I was read that article, the problem is I forgot to save the backup code when set up the 2-FA on Google, I was a little bit rush when replaced Authy with Google Authenticator.

Short story I was hiring an IT guy to move my website to another hosting at June 8-9, I changed my password before and after he login to my account. Accidentally because my phone is very slow, I uninstalled a lot of apps, and I moved cloudflare from Authy to Google Authenticator because I saw that option on my account is finally available (When I sign up a couple years ago I only have Authy option). I only used Authy for Cloudflare, another website using Google Authenticator, so I can reduce the resources by using only one app for 2-FA. A couple days later I was wipe the data and changed to a new phone.

Btw I was saved a backup code for another website, yes the option is showed up but the code didn’t work for login, and I contacted their support to turn off the 2-FA too.

====

I need to login because I want to turn off Argo, because I don’t see any benefit of it, maybe because my website need to optimized, not sure since I can’t login, and my IT need to login to my account.

One more thing that made me confused is an hour ago I got an invoice from Cloudflare, they charge me $20 for 4 websites, but I only have one website inside my Cloudflare account. I’m really sure my account not hacked because I’m using different password for different website and my password is very complex.

Btw, I have credit on Cloudflare $14.45, because last month when I tried to enable Argo, there’s an issue and my Paypal charged a couple times. Today Cloudflare charged me $20.40, my Paypal charged $5.95 reduced by credit on Cloudflare.

cscharff · 2017-07-11 18:59:37 UTC

I’d recommend opening 2 support tickets. One for your 2FA and they can assist you with next steps. The other re: billing. You may have encountered a ‘feature’ which caused customers to be charged more than once when enabling Argo and billing can look at the specifics of your charges to determine that.

Kris · 2017-07-11 18:40:23 UTC

Thank you for your reply Sir, I sent a ticket.

saul · 2017-07-12 00:48:43 UTC

Just as a bit of advice for when you are sorted… you can still use Authy as your TOTP app even when using standard ‘Google’ codes. I use it for all mine just because you still get to use their multiple device / backup / web extension etc. IMO the Google Authenticator app is too limited to be used seriously.

Kris · 2017-07-12 07:56:07 UTC

Thank you for your advice

I agree, I like Authy because it saves the setting even after we re-install it, and Google Authenticator isn’t good. Unfortunately all websites that I subscribed except Cloudflare, only offer Google Authenticator for 2FA.

saul · 2017-07-12 08:11:12 UTC

Just to clarify, as I said, any account where it says use Google Authenticator to scan the QR code and activate 2FA can instead be stored in Authy. Just go into the Authy app and do Settings - Add Account - Scan QR Code. It will add the account and work just like the native Google app but with all the backup/restore benefits.

There is no strict requirement to actually use Google Authenticator no matter what a site should say when activating TOTP.

Kris · 2017-07-13 02:13:28 UTC

Wow that’s cool, I didn’t know it before, I tried it, and it works. Thank you so much

====

Btw little update about my billing issue, Cloudflare gave me $39.45 credit to my account, that’s great.

cscharff · 2017-07-13 04:59:52 UTC

Sorry we mucked up the billing in the first place.