Authy would have saved me an entire year of hassle!

Authy would have saved me an entire year of hassle!

Well… yes this has been going on for nearly a year.

This painful story starts with upgrading from an iPhone 11 Pro to the iPhone 12 Pro

Some of us just need the latest thing out there. Some of us just need the latest thing out there. I’m one of those people. This is all my fault. I hastily upgraded to the new 12 Pro because I had to have it. Within a few days I forgot what the difference was from the previous generation, but I didn’t have anxiety around NEEDING to upgrade anymore. Everything in the world was great… until…

Lesson 1: when you secure your account with 2/Multi-Factor (2fa or MFA) authentication, be sure to save the recovery codes somewhere.

I am a part of the iPhone upgrade program. When a new iPhone is released, I wipe my phone, box it up, and send it to Apple. So I need to login to my Cloudflare account. I use a free account, and I get the level of support afforded to that which is hardly none. I have my domain names using multiple things on Cloudflare, but I also use them as my registar. I go to login and see that I need my authentication code. No problem… I open Google Authenticator and FUUUUUUUUUUUUUUU…. the cubbard is bare. At this point I Google how to remove the MFA requirement my Cloudflare account. Well the articles assume you have a recovery code that is emailed to you… which I don’t have in my Gmail. Contact customer service.. get a canned answer that doesn’t work for my situation.

Lesson 2: pay attention to the instructions when setting up your MFA/2FA

I further explain the situation and a week later I get another canned answer explaining the same thing. At this point I’ve run into other accounts that I need MFA codes for. All my other accounts during setup offered either SMS, security questions, or other means of recovering your account outside of backup codes. Cloudflare at the time (this may still be the case) specifically tells you there isn’t any other way. So I let it go until one day I get an email from them letting me know that one of my domains will expire, and while it is set to auto-renew, my credit card expired.

Lesson 3: there is a lot of knowledge on the internet

I immediately go into a bit of a panic and email their support again. Three weeks of canned answers and I write a Karen email to any contact I can find in Cloudflare management. While waiting, I am also Googling for others who have had this problem (granted it really is an edge-case that their canned answers didn’t work for me). I came across another blog (didn’t write down which) where the author recovered from being locked out due to a different root cause. The author referred to Authy, which is an authentication app that is tied to an account, not just one phone. I couldn’t sign up for this fast enough. You can access your MFA codes from multiple phones, from your PC, and lost/stolen/upgraded phones cannot get in your way. Download their app for iOS, Android, or sign up and download the desktop client on their site. I’m not affiliated and I don’t get commission… I just don’t want you to repeat my mistake.