Lost your phone or passkey — recovering access
If you've lost the device that holds your passkey or your TOTP authenticator, you have three escalating paths to get back in.
1. Recovery code (fastest)
At enrollment we offered you 10 one-time recovery codes. Each one works once and can be used in place of TOTP / passkey at the sign-in challenge.
• At the MFA challenge screen click "Use a recovery code".
• Enter one of the 10 codes you saved. You're in.
• Once you're back in, IMMEDIATELY enroll a new factor — a recovery code is a one-shot bypass.
2. Other enrolled factor (almost as fast)
If you have a passkey on another device, or TOTP set up as backup to a passkey, switch to that factor at the challenge screen.
• Sign in with the working factor.
• Settings → Two-factor authentication → remove the lost factor and enroll a new one.
3. Support recovery (slowest, identity-verified)
If you have no recovery codes and no other factor, contact [email protected] from the email associated with your account. We'll verify your identity through several checks (sign-in IP history, recent activity, account-rep confirmation if your org has one) and reset MFA after a 24-hour cooling period. The cooling period is non-negotiable — it's how we protect against social-engineering attacks where an attacker has compromised your email but doesn't have the device.
Best practice — don't end up here:
• Generate recovery codes the day you enroll MFA. Print them or save in a password manager.
• Enroll a passkey on at least two devices (laptop + phone) so losing one is a swap, not a lockout.
• Keep TOTP enrolled in an app that backs up to the cloud (1Password, Authy, Google Authenticator with sync).
Once you regain access, regenerate recovery codes (the old set is single-use and may have been used) and re-enroll the lost factor.