account recovery without 2FA and ssh-keys

Hello,

I am a new bitbucket user. I recently setup 2FA (two-factor) on my phone. I also setup ssh-key from my laptop. However, recently I had to reformat my phone, and I lost the 2FA codes. Unfortunately I also lost my ssh-keys as I changed them on my laptop. Now I can't login to bitbucket. Is there any way I can disable 2FA and login with my password? Otherwise, can I reset my account to have a fresh start?

Thank you for your suggestions.

3 answers

0 votes

Hi Sam! Did you save the recovery codes we provided you when you first set up 2FA in your account? If you have them, you can use them to gain access to your account again.

However, if you don't have access to the device you use to authenticate, nor saved the recovery codes, nor have the SSH that you used with Bitbucket, I'm afraid you've exhausted all the possible options to recover access. There is no other way to obtain a code outside of these options. 

We don't have the ability to disable two-step verification for any Bitbucket user account. When you enable 2FA, you are committing to making that account accessible only to a user that is able to obtain a 2FA code. I'd recommend you restore your repos from the local data to a new Bitbucket account, or get copies from other users that may have worked on the repositories.

Let me know if you have any questions, Sam.

Kind regards,

Ana

 

Same issue here.

 

  • No SSH keys
  • No 2FA mobile
  • No Recovery codes

 

I know we accept the terms when we enabled the 2FA but I hope I can still recover my account. I still know the email address and password. All I need is a code to enter.

 

Also, I think is unusual to only depend on 2FA without having other options like a text message, email resetting, etc.

 

I really need to recover my account since all my projects are there. I hope you can help us.

Hi Jerome, I'm sorry to hear you've lost all your access options. However, as I mentioned before, an account with 2FA enabled can only be accessed by a user that provides a 2FA code.

Also, I'm not sure what you mean by "I think is unusual to only depend on 2FA without having other options like a text message, email resetting, etc" As is the standard, we provide 3 ways of obtaining a code:

  1. Authenticator apps.
  2. Recovery Codes.
  3. SSH Recovery.

There is no other way to obtain a code outside of these options. You can still restore your repos from the local data to a new Bitbucket account, or get copies from other users that may have worked on the repositories.  

Regards,

Ana

Hi Ana,

 

Thanks for the response.

 

Actually my account was deleted now.

 

Text message and email code are just my suggestions for at least last sort in recovering account.

 

0 votes

Hello, I have a same problem. I used company email for an account and activated 2fa. 

1. I stored recovery keys to my company computer.

2. I used browser authenticaticator

3. My machine ssh keys were added 

We recently had an cyber attack and my machine was completely wiped out.

So, please, is there any way for me to prove my identity (I have part of the ssh key you've sent me via email) and to recreate my account? It's my company email so I would like to use this one.

Dragan

Hi @Dragan Krstevski! Do you have a verification app installed on your mobile device? If you do, you'll still be able to log in to your account, disable 2FA, generate a new SSH key and enable 2FA again. This is explained in the article Two step verification.

What do you mean you have part of the SSH key we sent you via email? The SSH key should be generated by yourself following the steps at Creating SSH keys.

If you don't have the authentication app and don't have the SSH key on your machine, we won't be able to prove your identity, thus the account can not be recovered.

Let us know!

Ana

Hi @Ana Retamal Ortiz,

Thanks for you reply. No, I've lost all 3 recovery options, I eventually contacted support and my account was erased. I meant part of the my ssh key I received on email when I added to my profile, but it's okay now.

 

BR,

Dragan

Hi Dragan, thanks for the update!

Best regards,

Ana

This is crazy. If AWS and other vendors of paid service can help people -- even with slow methods like postal mail -- Atlassian should also. This makes 2FA too risky to use here.

Hi Erika, I've never heard of postal mail being an option. As is the standard, we provide 3 ways of obtaining a code:

  1. Authenticator apps.
  2. Recovery Codes.
  3. SSH Recovery.

These options are widely used across different companies (Github and Google for example) and its advantages and risks are listed in many articles, like Don't get locked out when using 2FA.

There is no other way to obtain a code outside of these options. When you enable 2FA, you are committing to making that account accessible only to a user that is able to obtain a 2FA code. For more information you can see Retrieve recovery codes through SSH.

Please let us know if you have any other questions.

Regards,

Ana

Google and GitHub are free -- that's the level of service I would expect. Bitbucket is supposed to be enterprise level.

Amazon Web Services offers 2FA, along with a way to recover the codes (if needed) by demonstrating ownership of the account phone and address. You should be measuring yourself against other business services.

Hi @Erica K, Google and GitHub are free as long as you don't get the paid option, same as for Bitbucket. Bitbucket is a product for all kind of users, from college students to big companies. You can have a free Bitbucket account with up to 5 users. 

Let us know if you have any other questions,

Ana

I'm aware of that and I wasnt asking a question. My point remains, your paid plan (which we use) should support enterprise features.

Suggest an answer

Log in or Join to answer
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

672 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot