Consider Google, Github, etc.
Description
Description
Event Timeline
Comment Actions
- Google: They allow login if you have one of any two-factors available (i.e., they support SMS and phone call as alternatives to TOTP). Additionally, when logging in with 2FA, Google allows you to mark a computer as "trusted". You can use a trusted computer that is still logged in to disable 2FA. Otherwise, you need to file an account recovery form, which Google responds to manually after a few business days. Things they ask on the form (I presume they have a further protocol beyond submission of the form, probably involving submission of government ID):
- The date you created your account and the date you last accessed it (required)
- Your security question, if enabled (optional, even if the question is enabled)
- Up to five email addresses you frequently contact and up to five Gmail labels you created (optional)
- Your first recovery email address (optional)
- Other Google products you use and approximately when you started using them (optional)
- An explanation of how you lost access to your account
- Contact information for sending the password reset
- Facebook: Submission of a government ID, or (strangely) you can take a picture of yourself holding a code that Facebook gives you.
- GitHub, Apple, and Dropbox: Does not offer account recovery at all. You either need a phone with SMS for backup, or another backup token of some sort. If you lose all of your 2FA, you have lost access to your account permanently.
- LastPass: They allow removal of 2FA from the account by just sending a confirmation email to the primary account email. If you lost access to your primary email, I am not sure what options are available.
- Amazon Web Services: You have to file a support ticket to remove 2FA, after which they call you on the phone and ask for some trivial verification information (such as your credit card number on file).
Comment Actions
FYI, An admin just lost their tokens, and he has no other way to identify himself to other functionaries, causing him to loose his account most likely.