OATHAuth

Miraheze uses OATHAuth, an extension for adding two-factor authentication (2FA) to your Miraheze account.

Enabling two-factor authentication
It can be enabled by following the steps on Special:OATH. For the TOTP codes, a TOTP app is needed. There are various apps available, including, but not limited to Google Authenticator for Android, Google Authenticator for iOS and WinAuth for Windows devices.

'''Write down your recovery codes, and store them in a safe place. Per the section below it may be difficult to regain access to your account if you lose your device and your recovery codes!'''

Recovering your account
Disabling two-factor authentication (while not logged in to the account) can only be done by editing the global accounts information in the database, which has to be done by System administrators.

Unfortunately because most people don't positively identify themselves before losing access to their accounts, Miraheze system administrators can have a hard time figuring out if someone claiming to be locked out of an account is really who they say they are.

There are two options for recovering your account, which may or may not be applicable to a user's specific case:
 * Miraheze system administrators have absolute discretion as they may technically speaking remove two-factor authentication from any account. Usually, this is only done if the account belongs to someone that the system administrator believes they can positively identify, such as people who frequently talked to them via IRC or email before the incident.
 * The second method would be to identify yourself via a user committed identity before losing access to your account. In the event that your account is compromised, you could privately reveal the entire secret phrase to a system administrator, who would hash the phrase to verify your identity. Please choose your secret string wisely as system administrators have sole discretion in determining whether or not this method is enough to identify you.