Recover access to your Zenovay account when you've lost the device running your authenticator app.
Zenovay two-factor authentication uses an authenticator app (TOTP). When you set it up, you also receive a set of one-time backup codes. Those backup codes are your recovery method if you no longer have your authenticator.
Recovery Options
Option 1: Backup Codes (Fastest)
If you saved your backup codes when you enabled MFA:
- Go to the sign-in page and enter your email and password
- On the two-factor screen, click "Lost access to your authenticator? Use a backup code"
- Enter one of your backup codes
- Click Verify — you're back in
After signing in with a backup code, disable and re-set MFA so you have a fresh authenticator and a fresh set of codes:
- Go to Settings → Account → Security
- In the two-factor section, click Revoke and confirm with another backup code
- Set MFA up again with your new device
- New backup codes are generated as part of setup
Option 2: Support Recovery
If you have no backup codes left, contact Zenovay support so we can verify your identity and help you regain access:
- Email [email protected] from the address on your account
- Use the subject line "MFA Recovery Request"
- Include the email address on your account
- Follow the verification steps we send back
Warning
SMS and email-code recovery are not offered for Zenovay sign-in. If you lose both your authenticator and your backup codes, support verification (Option 2) is the only way back in, so keep your backup codes somewhere safe.
Using Backup Codes
Where to Enter
On the two-factor screen during sign-in, click "Lost access to your authenticator? Use a backup code", then type a backup code into the field.
Backup Code Format
Codes look like:
a7b2-c9d4-e5f6
m3n4-p5q6-r7s8
Codes use lowercase letters and digits only (the visually ambiguous characters 0, 1, o, and l are left out). Enter them with or without dashes.
Single Use
Each backup code works once:
- After use, it's invalid
- Cross it off your list
- You're issued 10 codes when MFA is set up
Running Low on Codes?
If you're down to your last few codes, generate a new set:
- Sign in (using a remaining code if needed)
- Go to Settings → Account → Security
- In the two-factor section, click Regenerate codes
- Confirm with your current authenticator code
- Save the new codes securely (the old set is invalidated)
Support Verification Process
What's Required
To verify your identity, support may ask for:
- Account email - the email you signed up with
- Recent activity - what you were doing on the account
- Payment method (if applicable) - last 4 digits
- Account details - websites tracked, team members, and similar
What to Include in Your Email
Subject: MFA Recovery Request
Account Email: [email protected]
Verification Information:
- I created this account on approximately [date]
- My websites tracked: [list websites]
- Team members on account: [names if any]
- Last payment: [month/year if applicable]
- Recent activity: [what you were doing]
I've lost access to my authenticator because:
[explain situation]
Please help me recover access to my account.
Verification Questions
Support may ask:
- When did you create the account?
- What websites are you tracking?
- What plan are you on?
- Recent support tickets?
After Recovery
Secure Your Account
-
Set up MFA again
- Use your new authenticator
- Don't restore the old one
-
Generate new backup codes
- Old codes may be compromised
- Save them securely this time
-
Review security
- Review your linked sign-in providers on Settings → Account → Security
- Change your password if you're concerned
Prevent Future Lockouts
-
Keep your backup codes
- They are your only self-service recovery path
-
Store backup codes securely
- Password manager (encrypted)
- Safe deposit box
- Encrypted cloud storage
- NOT a plain text file
-
Use a cloud-synced authenticator
- Authy (syncs across devices)
- 1Password (stores in vault)
- Keeps a backup automatically
Authenticator Apps
Recommended Apps
| App | Cloud Sync | Free |
|---|---|---|
| Authy | Yes | Yes |
| 1Password | Yes | No |
| Google Authenticator | Limited | Yes |
| Microsoft Authenticator | Yes | Yes |
Transferring Authenticator
If you're getting a new phone:
Before you lose the old phone:
- Set up your new authenticator while you still have the old one
- Verify the codes work
- Then retire the old device
Google Authenticator export:
- Open the app
- Menu → Transfer accounts
- Export accounts
- Scan with your new phone
Common Mistakes
Don't Do This
- ❌ Store backup codes in unencrypted notes
- ❌ Share codes with anyone
- ❌ Use the same code twice (won't work)
- ❌ Delete your authenticator before disabling MFA
Do This Instead
- ✓ Save backup codes in a password manager
- ✓ Use encrypted storage
- ✓ Keep codes private
- ✓ Disable (Revoke) MFA before removing your authenticator
Troubleshooting
Backup Code Not Working
Check:
- Typed correctly (no typos)
- Code not already used
- Correct account (not an old set of codes)
- Include dashes or not (try both)
Authenticator Code Wrong
- Check your phone's time is accurate
- Enable "automatic time zone"
- Try the next code (codes rotate every 30 seconds)
- Verify you're using the correct Zenovay entry in the app
Account Already Recovered
If you suspect someone else recovered the account:
- Contact support immediately
- The account may be compromised
- A full security review may be needed
SSO Users
If you sign in to Zenovay through enterprise single sign-on:
- Two-factor authentication is managed by your identity provider, not by Zenovay
- Contact your IT department or identity-provider admin to recover access