From Miraheze Meta, Miraheze's central coordination wiki

Miraheze uses OATHAuth, an extension for adding two-factor authentication (2FA) to your Miraheze account.

Enabling two-factor authentication[edit | edit source]

 Note: Write down your recovery codes, and store them in a safe place. Per the section below, it may be difficult to regain access to your account if you lose your device and your recovery codes!

Recovering your account[edit | edit source]

Disabling two-factor authentication (while not logged in to the account) can only be done by editing the global account's information in the database, which has to be done by System administrators.

Unfortunately, because most people don't positively identify themselves before losing access to their accounts, Miraheze system administrators have a hard time determining if someone claiming to be locked out of an account is really who they say they are.

There are two options for recovering your account, which may or may not be applicable to a user's specific case:

  1. Miraheze system administrators have absolute discretion, as they may technically speaking remove two-factor authentication from any account. Usually, this is only done if the account belongs to someone that the system administrator believes they can positively identify, such as people who frequently talked to them via IRC or email before the incident.
  2. Identify yourself via a user committed identity before losing access to your account. If your account is compromised, you could privately reveal the entire secret phrase to a system administrator, who would hash the phrase to verify your identity. Please choose your secret string wisely, as system administrators have sole discretion in determining whether this method is enough to identify you.

Please see more details here.