Lost your 2FA device
How to recover access using your backup codes.
You have your backup codes
At enrollment we showed you 10 single-use backup codes. If you saved them:
- Sign in with your username + password as usual.
- At the TOTP prompt, click "Use a backup code instead."
- Enter one of your unused codes.
- You're in. The code is now consumed; the other 9 still work.
You don't have your backup codes
This is the harder case. Email support@volatility.farm from the email address associated with the account. Include:
- Your username.
- Approximate date you opened the account.
- The Kraken sub-account (last 4 of the API key if you remember it — we'll use this to verify identity).
We'll respond with our identity-verification process. This is necessarily slow — we'd rather deny a legitimate request than hand an attacker your account. Expect 24–48 hours.
Once verified, we can:
- Disable TOTP on your account so you can sign in with password only.
- Walk you through re-enrolling with a new device.
Once you're back in: regenerate everything
- Re-enroll TOTP at /me/totp/enroll.
- Regenerate backup codes from the security section of /me.
- Save the new backup codes (the old ones are invalidated by regenerate).
- Change your password if you suspect the lost device was compromised.
Future-proofing
- Use a password manager that syncs across devices (1Password, Bitwarden) — your TOTP secrets live there too, so a lost phone is recoverable from any other signed-in device.
- Save backup codes in two places (e.g. password manager + a printed copy in a safe).
- Don't store backup codes on the same device as your authenticator.