Skip to main content

I'm locked out, MFA recovery

What to do if you can't sign in because you've lost your authenticator app, recovery codes, identity verification, and resetting MFA.

If you turned on multi-factor authentication and now can't sign in, phone lost, authenticator app gone, codes not working, this page walks through getting back into your account.

The order of options below goes fastest β†’ slowest. Try them in order.

What this page helps you do

  • Use a recovery code to get past the MFA prompt.

  • Reset MFA via email + identity check if you don't have recovery codes.

  • Get back to a working sign-in.

Option 1: Use a recovery code (fastest)

When you turned MFA on, Boardssey gave you 10 single-use recovery codes (see Multi-factor authentication (MFA)). If you saved them, this is your fastest path back in.

  1. On the MFA prompt at sign-in, click Use a recovery code (or the equivalent "I lost my device" link).

  2. Enter one of your recovery codes.

  3. You're in.

After signing in this way:

  • The recovery code you used is now spent. You have one fewer left.

  • Open Settings β†’ User β†’ Multi-factor authentication immediately. Either set up a new authenticator (if you have a new phone), or generate a fresh batch of recovery codes, old codes don't replenish on their own.

If you have no recovery codes left and can't get a 6-digit code, go to Option 2.

Option 2: Reset MFA via email and identity check

If recovery codes are out of reach, you'll need to ask us to reset MFA on your account. This is intentionally slower than the recovery code path, it has to be, to keep someone else from using "I lost my codes" as a way around your MFA.

  1. From the sign-in page, click Need help signing in? or email [email protected] from the email address on your account.

  2. State that you need MFA reset on your account, and include the email address on the account.

  3. We'll respond with identity verification questions. These vary, but commonly include things only the account owner would know, like recent billing details, names of your games, or the date you signed up.

  4. Once we've verified you, we reset MFA on your account. Your password and data are unchanged; you can sign in with just email + password.

  5. Set up MFA again immediately and save the new recovery codes properly this time.

This path can take up to a few business days, depending on how quickly we get a response from you and how quickly the verification questions get answered. If it's urgent (e.g. you have a publisher meeting in two hours), say so when you reach out, we'll do our best.

Option 3: If you lost both your password and MFA

This is rare, and the flow is:

  1. Use Forgot password? on the sign-in page to reset your password via email.

  2. Sign in with the new password, Boardssey will then prompt for MFA.

  3. Use a recovery code (Option 1) or reset MFA (Option 2).

If you can't access the email on your account either, use Option 2 above and tell us, we'll handle email and MFA recovery together.

After you're back in

Two things to do as soon as you can sign in:

  1. Set up MFA again, see Multi-factor authentication (MFA). Use a new authenticator app on your current phone.

  2. Save the new recovery codes somewhere reliable. Best place: your password manager, alongside your Boardssey password. Worst place: the same phone that has the authenticator app on it (if you lose it again, you're back to square one).

If you have multiple devices, scan the new MFA QR code on a backup device too, many authenticator apps sync across devices, but having a manual backup is good insurance.

Tips & common questions

Can I keep an old recovery code from before MFA was reset? No. Resetting MFA invalidates all old recovery codes. The new batch you get after reset is the only valid one.

Is there an SMS / phone-call MFA fallback? Not today. We chose authenticator apps + recovery codes because they're more secure than SMS. We're tracking phone or hardware-key support on the roadmap.

My time is wrong on my phone and codes are failing. TOTP codes are time-based, so a phone clock that's off by a minute or more makes them fail. In your phone's settings, turn on Set time automatically and try again.

Can a teammate or admin reset MFA for me? No, MFA is a personal-account setting, and even Owners and Admins of a team can't reset another member's MFA. Use Option 2 above.

Can I avoid this whole situation in future? Yes:

  • Save recovery codes to a password manager when you turn MFA on.

  • Use an authenticator app that syncs across devices (1Password, Bitwarden, Authy with cloud backup).

  • Add MFA to a backup device too.

Related articles

Related Articles
Welcome to Boardssey
Multi-factor authentication (MFA)
Sign-in problems
Delete a team workspace
Did this answer your question?