Despite knowing better, I didn’t get around to switching to Microsoft Authenticator, which features cloud-based backup and recovery. It so happened that my iPhone 12’s screen stopped working, and I had to send it to Apple for diagnosis and repair.
I thought to myself, within a week at the latest I should have access to my 2FA-protected accounts again. I was expecting that some services would give me some issues, as some don’t offer backup codes or alternative 2FA options if your app installation is no more, etc.
In this blog post I want to describe my experiences. In all cases, I contacted their English support staff when help was needed to regain access to my account (and re-enable 2FA via Microsoft Authenticator on the repaired phone).
Based on the last time I switched iPhone models, before the Google Authenticator app supported exporting and re-importing accounts, I knew that a “password reset” form has to be filled in, in which I declare with my signature that I am the legal owner of the account and need to gain access again. I enclosed a letter stating that I indeed need 2FA to be reset as my iPhone broke.
Base Country: Germany
Duration: 7 days and I was informed about 2FA being deactivated from my account via email.
I managed to log in and disable 2FA, but in order to re-enable 2FA via the Authenticator app, I had to confirm a code sent via SMS (why?), but that code never arrived. Their Player Support answered within 12 hours, asking for the following:
- Try using a different browser
- Empty the cache and cookies of the browsers and try again
- Switch to a different language setting on our website and ask for the message again
- Check if your message inbox on the phone is not full
- Contact your phone provider to check if premium services are enabled
Luckily, my mobile phone network provider O2 by Telefonica offers chat support, so it was easy to check back with them.
After I made sure everything was okay on my side, they sent me the code via email instead.
Base Country: Cyprus
Duration: 22 hours
Why would I even have an account with them, looking at what kind of games they offer? Well, they took over Frogster, and I had a support matter with one of the Frogster games years ago. Since one can’t send in a support question without an account, I registered an account there. Since I got hacked from Turkey last year, I took the security of this account seriously.
Re-enabling the Gameforge 2FA Authenticator was, however, not possible due to “invalid username/password” or “invalid login” error messages.
I was accused of having used a 3rd-party tool on my iPhone to manipulate the 2FA Authenticator while setting it up again. As this is against their TOS, the ability to re-enable 2FA was blocked and support wouldn’t help me any further.
I replied that this was not true and also virtually impossible on a non-jailbroken iPhone, and sent them proof of my iPhone having been with Apple for repair. The next day I received an email saying that they had taken a second look and found I was hacked again and therefore removed the block (not true, however, but easier for them to make something up than admitting their anti-fraud detection is BS).
I then was able to re-enable 2FA again.
Base Country: Germany
Duration: 2 days
After having successfully logged into my account using backup codes, I noticed I cannot disable 2FA, as it requires codes generated by the authenticator app installation that is no more (exactly the same issue as with Trovo, which will follow later). Normally, one would expect that the backup codes would be seen as valid, but I was mistaken.
Emailing support resulted in receiving a personal reply within 20 minutes, being asked the following questions:
- What is your email address associated with your account?
- What is your billing/shipping address?
- What was the last item you purchased on Etsy?
Shortly thereafter I received a reply that 2FA was removed from my account and that the feedback would be forwarded internally to improve the flawed 2FA recovery procedure.
Base Country: USA
Duration: 5 Hours
They don’t have any recovery method for the 2FA system, no backup codes, just a support form, which will instantly answer you, asking you to reply to this email from your account’s email address and to state that you are the owner of this Rockstar account. Shortly after, 2FA was removed from my account.
Base Country: USA
Duration: 7 Hours
Trovo offers no backup codes in case you are locked out of your account. However, luckily, I could still reach the settings of my Trovo account due to active session cookies in my browser. However, disabling 2FA requires entering a generated code (same problem as with Etsy mentioned earlier).
For the initial point of contact I used their “Contact Us” form that can be found on their Support Page.
Unfortunately, I never received a reply, so I did some googling and found that according to their FAQ Reddit page, it normally takes 5-7 days to get replies. Hence I re-sent my inquiry to them via their support email address, which resulted in an auto-responder:
We have received your message and we will answer in 3-7 days.
(That was on a Friday.) The following Monday, I received a reply apologizing for not getting back to me earlier and asking for the following:
You need to provide
- your trovo name,
- phone number,
- password, and
- any legal information to prove your identity and that you are the owner of this account.
The last in the list I covered by enclosing a letter which I signed stating that I am the legal owner of my account and a copy of my national ID.
Then, I was told that “other staff” has been informed and will take care of the case.
The next day I was sent a screenshot asking whether I tried disabling 2FA in my account myself. (Yes, I did, and that it doesn’t work was the whole point of contacting them for help!) After that, my emails no longer triggered the auto-responder, and as I received no replies anymore, I went to LinkedIn, had a look for Trovo employees, found a community manager in the Netherlands and asked him for help. He got back to me telling me he had forwarded it to “the security team to further assist.”
Another 7 days later, I received a customer support email reply stating that 2FA has been disabled for my account and they apologize for the experience.
Base Country: China
Duration: 3 weeks
Some services already updated their kBs to warn.