My phone abruptly died, and it turns out I did not back up my 2FA codes. I have 2FA turned on for Tildes, and while I am still logged in, I can't turn off 2FA without 2FA, so if I ever have to log in again I'm screwed. I didn't save backup codes, of course, because I'm a fool (and I never figured out a good/safe way to store backup codes somewhere different than my password manager). What should I do?

I went into "Set up account recovery" in my personal settings, and I entered in my email address there. It says that if I can send and receive email from that address, I will be able to reset my password. But I already have a working password, what I don't have is working 2FA. Would a password reset do anything useful in my situation?

If there is nothing anyone can do at this point, how should I use my remaining time on this doomed Tildes account?

UPDATE: Admin turned off 2FA for me, so this account is no longer doomed. Thank you!

tildes.net isn't accepting my 2FA codes on login. I used a recovery key and disabled 2FA, but now I can't re-enable it for the same reason (I generate a code with the new secret key given but it gets rejected). I've checked on other sites and it doesn't seem to be a problem with generated 2FA codes on my end, leading me to believe something may be misconfigured on the server (maybe the tildes.net system clock is off or something?).

Anyone else experiencing this?

Edit: Still not really sure why I couldn't get it to work initially, but after giving it some time the problem went away.

I tend to be generous with votes if I like specific posters and want to encourage them. I like to assume that's ok, but is there an official take on that?

And what about people who are likely to share an IP address with me? I'm on a small node with fewer than 200 users, and at least 2 or 3 come here (got invited by one). I don't necessarily know them but will that look like alt accts boosting votes? Is there a whitelist or something like that for verified individuals on the same address maybe?

Hi there. The account recovery page mentions that password resets are performed by emailing a specific Tildes address from your own specified recovery address. But as far as I can see, that Tildes reset address that's supposed to be sent to.. is unlisted anywhere on the website. I could be mistaken, of course, but in any case it's not easily visible. Also unlisted is what string should be placed in the Subject field, alongside any body content this sent email should contain.

As to the reason for the inquiry:

So when I registered for Tildes, I generated a password and stored it in my KeePass database like a responsible person. Except... like an idiot, I restarted my computer at some point without remembering to actually save my KP database (I promise this is only like the second time this has happened in 2 years or so), so I'm in the curious position of still being logged in but not actually being able to change my password. Naturally, I explored account recovery options, and registered my email address with the recovery page, but as I described above, I can't seem to find the address I'm supposed to send an email to in order to reset my password as part of the recovery process.

I don't need to reset my password, and I really appreciate the way that it is done to maximize anonymity. However, I think there is a bit of a problem with how it is done in terms of users getting locked out.

If you're locked out, as far as I can tell, there is no way to view the email hint associated with your account. It seems a bit counter intuitive to me that in order to see the hint for how to regain access to your account, you have to already have that access! I also think that it won't work in the case that someone has been away for a few months and has forgotten their password. I'm not sure what a good way of displaying the hint would be, however, since if it is done by username anyone who has seen your posts can look at your password hint.

Hopefully with a bit of discussion we can cook something up that can solve this catch 22!