# I lost access to my 2FA device. What do I do?

First, try your **recovery codes**. Oh Dear shows you a batch of one-time recovery codes when you first enable 2FA. Each code works once and bypasses the authenticator app for a single login. If you saved them in a password manager (highly recommended), use one of those.

If you didn't save recovery codes, your options are:

## You're still logged in on another device or browser

1. Go to your **Profile settings** > **Two-Factor Authentication**.
2. Disable 2FA.
3. Re-enable it on your new authenticator app.
4. **Save the new recovery codes somewhere safe this time.**

## You're locked out entirely

[Contact support](/contact) from the email address on your account and we'll help verify your identity manually. Typical checks:

- You can send from the email address tied to your Oh Dear login
- You can confirm account-specific details (the name of one of your monitors, a recent invoice number, etc.)
- For SSO-managed accounts, we coordinate with your identity provider instead

Once we've verified you, we'll disable 2FA on the account so you can log back in. **Re-enable it immediately afterwards** and save the new recovery codes.

## If you use SSO

If your team uses [Single Sign-On](/docs/faq/which-identity-providers-does-oh-dear-support-for-sso), the 2FA step happens at your identity provider, not at Oh Dear. Recovery goes through your IdP's account-recovery flow (Okta, Entra ID, Google Workspace, etc.), not through us.

## Save your 2FA recovery codes

Please save your recovery codes the moment you set up 2FA. It takes 10 seconds in a password manager and saves hours of manual verification later.
