I'm locked out of my GitHub

5 points by goldenkey ↗ HN
Recently, I was assaulted and was in the hospital for 3 months. My GitHub 2FA was lost and I used the recovery method and received this email:

> Your request to disable two-factor authentication for the account @churchofthought has been approved by GitHub staff.

> To proceed, click this link: Complete account recovery. This link will only be valid for 72 hours

However, due in part to still recovering from this life changing injury (I'm partially disabled now), I missed the 72 hour link expiration window.

Now all recover options are greyed out. Support tells me they can't help.

Some of these repos are being used in production. Can any GitHub employee please help? I will send/fax over any documents necessary to prove my identity and that I am not under coercion.

2 comments

[ 3.2 ms ] story [ 11.5 ms ] thread
Some thoughts come to mind. They are generally about prevention and recovery. The recovery ideas stem from the fact that, after all, git is open source. You can't get locked out of git itself.

From a person-to-person perspective:

- Keep trying with support. They say "we can't do anything" but anyone can do anything. It's usually a matter of getting the right person on the phone. That one tech said no. Try again; maybe you'll get someone who's better connected or more compassionate.

- Ask a friend to fork them into an organization that you can get into with a new account.

From a technical do-all-you-can-anyways perspective:

- Clone all your public projects out under a new account.

- Get copies of your private repositories from friends or coworkers. If some of these works are in production, perhaps you have access to them.

For the future:

- Leaving GitHub so this can't happen again isn't a bad idea. There are several alternatives. I host my own[1] gitea[2] instance. I can always just SSH into that if there's a problem. There's also SourceHut[3], which I quite like.

- For prevention, use 1Password[4] or KeePassXC[5] with Syncthing[6]/Dropbox. They keep 2FA data and protect you against this kind of loss.

Finally:

Sorry about your injury mate. I can't imagine. Nothing can be said there constructive; it is just the worst.

Maybe if it helps, one of the best, smartest programmers I knew hobbled up the stairs with a cane and typed with one hand because he had experienced a stroke. Our entire product relied on this guy, he wrote windows drivers that the software relied on. You got this.

1: https://gitea.io/en-us/

2: https://git.djha.skin/

3: https://sourcehut.org/

4: https://1password.com/

5: https://keepassxc.org/

6: https://syncthing.net/

> Maybe if it helps, one of the best, smartest programmers I knew hobbled up the stairs with a cane and typed with one hand because he had experienced a stroke. Our entire product relied on this guy, he wrote windows drivers that the software relied on. You got this.

Wow, that story is similar to 2600hz Captain Crunch aka John Draper.

Thank you for the support, warm assertions, and resources. Much love