I’m currently being locked out due to the same 2FA failure: it was working and it stopped working one day…I have already sent an email to firstname.lastname@example.org and it has been 7 days without any response. My email is email@example.com.
The support replied to me. But in order to get back to my account, I was asked to send a picture of my passport and the last 4 digits of the credit card over the email…
My 2fa was working and I stored it in 1password. Nothing was changed on my end and it suddenly stopped working one day, similar to the exp of @nicksrandall. Now I’m asked to send you a picture of my passport and credit card nums to unblock myself. This is disappointing…Not only it’s unsafe to share sensitive info over an email, but also it sucks that customers did nothing wrong and were asked to do a bunch of things to prove themselves.
I have asked in the email to deactivate my account firstname.lastname@example.org so that no further changes are made to my credit card. I hope fly.io can really improve the auth story.
Hi Owen! First, I know this is a shitty situation and it would also frustrate the heck out of me. Second, we are going to get you a better channel to share your identifying documents today, it is totally reasonable to be hesitant about sending those docs over email.
This is an unpleasant policy to deal with, but it is very important that we verify peoples’ identity when we reset 2fa for them. We cannot just do this with email, 2fa exists to protect peoples’ accounts when their email address has been compromised.
The industry standard for verifying someone’s identity is to ask for a copy of a passport or US driver’s license. What we’re asking you to provide is exactly what AWS would request if they were resetting 2fa.
Unfortunately, we also can’t delete your account data without verifying your identity. This is, again, to protect peoples’ data when their email has been compromised.
I understand that this is probably not what is happening here and you’re just trying to get unstuck, but we cannot bypass this policy.
Since you do control your credit card, you have a path forward here. You can dispute the last payment you made to us. That will trigger account closure for non payment. Note that this sucks for us, it costs us quite a bit of money and loses a customer. That said, this is exactly what you should do if you’re not comfortable verifying your identity with us.
Hopefully that makes sense. I’m very sorry we don’t have a better answer for you.