Hi Raymond,
Thanks for the reminder about emergency recovery codes. Note that those codes are account-specific, so for example when you set up Two-factor Authentication for a particular gitlab account, it presents you with a list of codes which will work for that gitlab account. Google also presents a list of backup codes, but those will only work with your Google account, and so on (even though all these accounts have their dynamic PIN code being generated by Google Authenticator, they each manage their backup codes separately).
In my case when I originally wrote the email, I didn't have my emergency recovery codes for
gitlab.common-lisp.net, and the dynamic PIN on the Google Authenticator on my old phone was not working. So I appeared to be in a bind and in need of admin assistance. It turned out that the reason the dynamic PIN on the old phone was not working was nothing to do with my having migrated the Google code to a new phone, it was just because the old phone was offline and/or its clock was not set correctly. As soon as I put the old phone online and the clock corrected itself, the code started working for other services and presumably would have worked for
gitlab.common-lisp.net as well (but by that time the admins had disabled my 2FA and I had already re-enabled it on the Authenticator on the new phone).
But yes, the recovery codes on
gitlab.common-lisp.net will most certainly work, in case your phone is lost or damaged. If you don't have yours now, you can regenerate a new set of them by logging into
gitlab.common-lisp.net and visiting User Settings -> Account -> Two-factor Authentication. Consider this a PSA for everyone to print those out and put that paper in your secret safe place (as well as cut out a copy for your wallet).
Dave