5

I recently wanted to use one of my old project specific GitHub account, where the two factor authentication was enabled. Since I was not able to remember the password I used the option Forgot password and reset the password.

However after successfully changing the credentials, GitHub is as usual expecting the two way authentication key, since I was not having the same device now, I don't have the GitHub configured to get the Two way authentication, neither I have any more information about the account, rather than my login credentials.

Is there any way I could get the two - way refactor working. Or I could login?

Melebius
  • 6,183
  • 4
  • 39
  • 52
TBA
  • 1,077
  • 5
  • 41
  • 80

1 Answers1

3

If have the credential of the GitHub account, you can login to said account, and enable 2FA

https://help.github.com/assets/images/help/2fa/2fa-settings.png

Then you can generate a PAT (Personal Access Token) in order to use that as a password (and bypass the 2fa step when pushing in command-line).

Personal access tokens are useful when it's too cumbersome to provide a client/secret pair for a full application, such as when authenticating to GitHub from Git using HTTPS, or within a command line utility or script.

Later I reset my password , and I was't having the device which i had configured my DuO Mobile. How could I login now. It is asking for 2FA and I don't have any way to provide the key.

Then you would need to follow "Recovering your account if you lost your 2FA credentials"

Having access to your recovery codes in a secure place, or establishing a secondary mobile phone number for recovery, will get you back into your account.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Hi Vonc I think my question was I already enabled this functionality, and I used in my device Duo Mobile to generate 2FA. Later I reset my password , and I was't having the device which i had configured my DuO Mobile. How could I login now. It is asking for 2FA and I don't have any way to provide the key. Until unless I configure it from first. Thanks – TBA Oct 20 '15 at 11:08
  • @TBA I have edited the answer, but you would need recovery code, or a mobile phone number registered with that 2FA. – VonC Oct 20 '15 at 11:28
  • There is no other way I could get the details without recovery code, Fortunately I got my old device back and get this working... But I would like to see any other way it is possible, so keep it open with a bounty, Thanks @VonC , I think there may not be any other way to do this. – TBA Oct 27 '15 at 09:03
  • @TBA I usually connect to my mobile device with adb, and export the 2FA TOTP (https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) secret key from the sql database – VonC Oct 27 '15 at 09:51
  • @TBA would that procedure (extraction of the secret key from the mobile device) be of interest here for you? – VonC Oct 27 '15 at 10:14
  • Thanks VonC, at the end there is only one way we could recover it by saving the recovery options securely. – TBA Nov 02 '15 at 09:30
  • @TBA still, do you know that, beside the recovery options, you can extract the secret key itself? – VonC Nov 02 '15 at 11:56
  • Sorry I am not aware of it, How could we achieve it? – TBA Nov 02 '15 at 14:54
  • @TBA Then `shell@android:/ $ sqlite3 /data/data/com.google.android.apps.authenticator2/databases/databases`, `select * from accounts;` – VonC Nov 02 '15 at 14:59