Hi, I just changed phones and installed Google Authenticator on the new phone, and migrated my Google code to the new authenticator. But my common-lisp.net code (and some other ones e.g. Cloudflare) are still on the old phone. But the common-lisp.net one (on the old phone) doesn't seem to work anymore. Is there a way to migrate this to a new phone without logging in (I doubt it).
If not, can the admin temporarily disable my 2FA so I can get in and set it up on the new phone?
Hi, I just changed phones and installed Google Authenticator on the new phone, and migrated my Google code to the new authenticator. But my common-lisp.net code (and some other ones e.g. Cloudflare) are still on the old phone. But the common-lisp.net one (on the old phone) doesn't seem to work anymore. Is there a way to migrate this to a new phone without logging in (I doubt it).
If not, can the admin temporarily disable my 2FA so I can get in and set it up on the new phone?
The emergency recovery keys you created should work. But I've never tried that on common-lisp.net, so I don't actually know. I've only used that on other sites where I didn't have my HW key and needed to login and I had my recovery keys with me.
On Thu, May 9, 2019 at 11:15 AM Dave Cooper david.cooper@genworks.com wrote:
Hi, I just changed phones and installed Google Authenticator on the new phone, and migrated my Google code to the new authenticator. But my common-lisp.net code (and some other ones e.g. Cloudflare) are still on the old phone. But the common-lisp.net one (on the old phone) doesn't seem to work anymore. Is there a way to migrate this to a new phone without logging in (I doubt it).
If not, can the admin temporarily disable my 2FA so I can get in and set it up on the new phone?
-- My Best,
Dave Cooper, david.cooper@gen.works genworks.com, gendl.org +1 248-330-2979
Hi Raymond,
Thanks for the reminder about emergency recovery codes. Note that those codes are account-specific, so for example when you set up Two-factor Authentication for a particular gitlab account, it presents you with a list of codes which will work for that gitlab account. Google also presents a list of backup codes, but those will only work with your Google account, and so on (even though all these accounts have their dynamic PIN code being generated by Google Authenticator, they each manage their backup codes separately).
In my case when I originally wrote the email, I didn't have my emergency recovery codes for gitlab.common-lisp.net, and the dynamic PIN on the Google Authenticator on my old phone was not working. So I appeared to be in a bind and in need of admin assistance. It turned out that the reason the dynamic PIN on the old phone was not working was nothing to do with my having migrated the Google code to a new phone, it was just because the old phone was offline and/or its clock was not set correctly. As soon as I put the old phone online and the clock corrected itself, the code started working for other services and presumably would have worked for gitlab.common-lisp.net as well (but by that time the admins had disabled my 2FA and I had already re-enabled it on the Authenticator on the new phone).
But yes, the recovery codes on gitlab.common-lisp.net will most certainly work, in case your phone is lost or damaged. If you don't have yours now, you can regenerate a new set of them by logging into gitlab.common-lisp.net and visiting User Settings -> Account -> Two-factor Authentication. Consider this a PSA for everyone to print those out and put that paper in your secret safe place (as well as cut out a copy for your wallet).
Dave
On Thu, May 9, 2019 at 2:45 PM Raymond Toy toy.raymond@gmail.com wrote:
The emergency recovery keys you created should work. But I've never tried that on common-lisp.net, so I don't actually know. I've only used that on other sites where I didn't have my HW key and needed to login and I had my recovery keys with me.
On Thu, May 9, 2019 at 11:15 AM Dave Cooper david.cooper@genworks.com wrote:
Hi, I just changed phones and installed Google Authenticator on the new phone, and migrated my Google code to the new authenticator. But my common-lisp.net code (and some other ones e.g. Cloudflare) are still on the old phone. But the common-lisp.net one (on the old phone) doesn't seem to work anymore. Is there a way to migrate this to a new phone without logging in (I doubt it).
If not, can the admin temporarily disable my 2FA so I can get in and set it up on the new phone?
-- My Best,
Dave Cooper, david.cooper@gen.works genworks.com, gendl.org +1 248-330-2979
-- Ray
Glad it worked out. And now I need to make sure I actually have my recovery codes for c-l.net. :-)
On Thu, May 9, 2019, 12:14 PM Dave Cooper david.cooper@genworks.com wrote:
Hi Raymond,
Thanks for the reminder about emergency recovery codes. Note that those codes are account-specific, so for example when you set up Two-factor Authentication for a particular gitlab account, it presents you with a list of codes which will work for that gitlab account. Google also presents a list of backup codes, but those will only work with your Google account, and so on (even though all these accounts have their dynamic PIN code being generated by Google Authenticator, they each manage their backup codes separately).
In my case when I originally wrote the email, I didn't have my emergency recovery codes for gitlab.common-lisp.net, and the dynamic PIN on the Google Authenticator on my old phone was not working. So I appeared to be in a bind and in need of admin assistance. It turned out that the reason the dynamic PIN on the old phone was not working was nothing to do with my having migrated the Google code to a new phone, it was just because the old phone was offline and/or its clock was not set correctly. As soon as I put the old phone online and the clock corrected itself, the code started working for other services and presumably would have worked for gitlab.common-lisp.net as well (but by that time the admins had disabled my 2FA and I had already re-enabled it on the Authenticator on the new phone).
But yes, the recovery codes on gitlab.common-lisp.net will most certainly work, in case your phone is lost or damaged. If you don't have yours now, you can regenerate a new set of them by logging into gitlab.common-lisp.net and visiting User Settings -> Account -> Two-factor Authentication. Consider this a PSA for everyone to print those out and put that paper in your secret safe place (as well as cut out a copy for your wallet).
Dave
On Thu, May 9, 2019 at 2:45 PM Raymond Toy toy.raymond@gmail.com wrote:
The emergency recovery keys you created should work. But I've never tried that on common-lisp.net, so I don't actually know. I've only used that on other sites where I didn't have my HW key and needed to login and I had my recovery keys with me.
On Thu, May 9, 2019 at 11:15 AM Dave Cooper david.cooper@genworks.com wrote:
Hi, I just changed phones and installed Google Authenticator on the new phone, and migrated my Google code to the new authenticator. But my common-lisp.net code (and some other ones e.g. Cloudflare) are still on the old phone. But the common-lisp.net one (on the old phone) doesn't seem to work anymore. Is there a way to migrate this to a new phone without logging in (I doubt it).
If not, can the admin temporarily disable my 2FA so I can get in and set it up on the new phone?
-- My Best,
Dave Cooper, david.cooper@gen.works genworks.com, gendl.org +1 248-330-2979
-- Ray
-- My Best,
Dave Cooper, david.cooper@gen.works genworks.com, gendl.org +1 248-330-2979
Note that you can also use oathtool[1] with your existing password management tools for two-factor authentication on GitLab. No need for mobile phones or proprietary software. That is what I do and it is very convenient.
Vladimir
-
Dave Cooper -
Philipp Marek -
Raymond Toy -
Vladimir Sedach