I meant an emergency recovery for the lost recovery keys.
When I’ve wiped my phone I’ve lost all my authentications but only 2 accounts were not be recoverable because of that. One is Plex (which I found a workaround for now).
I still believe that it would be much better if there would be another way to recover if you fully prove to be the owner.
Obviously this is a suggestion and a wish, my single opinion doesn’t count but I’m sure that if we’d have a pool the majority of people would vote for it.
Unfortunately, we are only human and can lost lots stuff. Some are more important than other. If there is a way to prevent completely losing an account, why not? Fr example, you can use a text code msg to a mobile for resetting authenticator app if you don’t have the recovery code any more. Lots service use this method to backup the recovery process.
The Authenticator securely protects an account and when configured will provide you a recovery key in case it is lost. Fine we are all on same boat here.
The problem comes if in the unfortunate event you lose the recovery as well (anything can happen, the machine you have saved on dies and can’t recover, you’ve written on paper that burnt, it’s on cloud but that service has been hacked or wiped with no backups, anything). In this even there’s no way that if the owner proves their identity and ownership it can’t be recovered from the admin side.
In any unreasonable way possible, for example Facebook does allow you to use the recovery if you send them and ID to prove your identity, other services send text code on phone to add on a link which has been sent via email so means you have access to both and can prove it’s you, and so on.
And once again, I’m not saying that this is poor or this is wrong, I’m saying that there are other ways in case you lose your recovery, always think about the worst scenario.
Obviously it’s just me saying that, so I don’t see why you should listen to a single person only.
There are authenticator apps which can sync accoss devices.
Most common are those from the “password vault” providers, like “1Password” or “LastPass”.
These services usually have also restoration/recovery mechanisms for the whole password vault available.
Unfortunately google isn’t that smart. I’ve migrated to a different one so it will not happen in future. However I’ll delete my account because I can’t have it half working if in future I’ll purchase the premium.
I would like to know if there has been any response from Plex on this? I too am in a similar situation where my phone which had my authenticators on it was lost and the machine that housed the recovery keys was stolen. How are we lifetime pass holders supposed to be able to remove 2FA or at least be supplied a one time recovery key from Plex themselves to handle situations like this?
