2-Factor Auth | TOTP | lost mobile phone


I just enabled 2-factor authenfication according to the following manual. (I installed FreeOTP on my Android phone)
I’m very impressed how easiely it is to activate and increase the security. Many thanks to the whole team!

But it came some doubts: What happen if I lost my mobile phone? Is there any possibility to log in anymore and deactivate 2-factor auth or migrate to a new phone? I’m not sure.

Do you have any hints for me?
Thanks, Dominik!

In this case, an admin can de-activate totp for you with occ command. Also, if it is your own instance you can install backup codes app or request it from admins. Its purpose is rescue user from lock down in this kind of situations: https://marketplace.owncloud.com/apps/twofactor_backup_codes



Anytime you setup 2FA on any service they give both a QR code to scan or string to manually enter.

Copy the string and keep it in a safe place.

I just went through this when I replaced my phone with google authenticator. The google authenticator app transferred but not the entries. I was able to recreate them manually by entering the strings for each service from my encrypted backup. I kept a manual backup, not something special.

  • Mike

Thanks to you both!

I was able to deactivate the 2-fact-auth via occ. And also to restore the authentification after I removed the token from the FreeOTP app. Backup codes are not sufficient for me.
Now I have the choice. :grinning:


How can I text to admins?) My phone is broken for now and I can not login to gitlab account(

Not sure what gitlab has to do with everything.

But if you are on an ownCloud instance where you absolutely have no other means of contacting the admins, you’re going to have to use the domain name and try contacting the webmaster email address.

Additionally perhaps you can trigger a password reset email and perhaps reply to that and hope that somebody is checking that inbox.

1 Like