MFA Recovery

Recover access to your Zenovay account when you've lost your MFA device or codes.

Recovery Options

Option 1: Backup Codes (Fastest)

If you saved your backup codes:

1. Go to login page
2. Enter email and password
3. When prompted for MFA code
4. Click "Use backup code"
5. Enter one of your backup codes
6. Access restored!

After using backup code:

1. Go to Settings → Security
2. Click Reset MFA
3. Set up new authenticator
4. Generate new backup codes

Option 2: Backup Phone Number

If you added a backup phone:

1. On MFA screen, click "Try another method"
2. Select "SMS to backup phone"
3. Enter code received
4. Access restored

Option 3: Email Recovery

If email recovery is enabled:

1. Click "Try another method"
2. Select "Email recovery"
3. Check email for code
4. Enter code
5. Access restored

Option 4: Support Verification

If no backup methods available:

1. Email support@zenovay.com
2. Subject: "MFA Recovery Request"
3. Include account email
4. Follow verification process

Using Backup Codes

Where to Enter

Enter your authentication code

[______] ← Enter backup code here

□ Use a backup code

Backup Code Format

Codes look like:

a7b2-c9d4-e5f6
m3n4-o5p6-q7r8

Enter with or without dashes.

Single Use

Each backup code works once:

• After use, it's invalid
• Cross it off your list
• You have limited codes (usually 10)

Running Low on Codes?

If down to last few codes:

1. Log in with remaining code
2. Go to Settings → Security
3. Generate New Backup Codes
4. Save new codes securely

Support Verification Process

What's Required

To verify identity:

1. Account email - The email you signed up with
2. Recent activity - Describe recent account actions
3. Payment method (if applicable) - Last 4 digits
4. Account details - Websites tracked, team members, etc.

Process Timeline

Plan	Response
Free	2-3 business days
Pro	1 business day
Scale	Same day
Enterprise	4 hours

What to Include in Email

Subject: MFA Recovery Request

Account Email: your@email.com

Verification Information:
- I created this account on approximately [date]
- My websites tracked: [list websites]
- Team members on account: [names if any]
- Last payment: [month/year if applicable]
- Recent activity: [what you were doing]

I've lost access to my authenticator because:
[explain situation]

Please help me recover access to my account.

Verification Questions

Support may ask:

• When did you create the account?
• What websites are you tracking?
• What plan are you on?
• Last successful login location?
• Recent support tickets?

After Recovery

Secure Your Account

1. Set up new MFA

   • Use fresh authenticator
   • Don't restore old backup

2. Generate new backup codes

   • Old codes may be compromised
   • Save securely this time

3. Add backup methods

   • Backup phone number
   • Recovery email

4. Review security

   • Check login history
   • Review connected devices
   • Change password if concerned

Prevent Future Lockouts

1. Multiple backup methods

   Primary: Authenticator app
   Backup 1: SMS to phone
   Backup 2: Recovery email
   Backup 3: Printed backup codes
   

2. Secure backup code storage

   • Password manager (encrypted)
   • Safe deposit box
   • Encrypted cloud storage
   • NOT plain text file

3. Use cloud-synced authenticator

   • Authy (syncs across devices)
   • 1Password (stores in vault)
   • Keeps backup automatically

Authenticator Apps

Recommended Apps

App	Cloud Sync	Free
Authy	Yes	Yes
1Password	Yes	No
Google Authenticator	Limited	Yes
Microsoft Authenticator	Yes	Yes

Transferring Authenticator

If getting new phone:

Before losing old phone:

1. Export from old authenticator
2. Set up on new phone
3. Verify codes work
4. Then remove from old

Google Authenticator export:

1. Open app
2. Menu → Transfer accounts
3. Export accounts
4. Scan with new phone

Common Mistakes

Don't Do This

• ❌ Screenshot backup codes (can be synced/stolen)
• ❌ Store in unencrypted notes
• ❌ Share codes with anyone
• ❌ Use same code twice (won't work)
• ❌ Delete authenticator before disabling MFA

Do This Instead

• ✓ Print and store physically secure
• ✓ Save in password manager
• ✓ Use encrypted storage
• ✓ Keep codes private
• ✓ Disable MFA before removing authenticator

Troubleshooting

Backup Code Not Working

Check:

• Typed correctly (no typos)
• Code not already used
• Correct account (not old codes)
• Include dashes or not (try both)

SMS Not Arriving

• Wait 2-3 minutes
• Check correct phone number
• Check signal
• Click "Resend"
• Check SMS not blocked

Authenticator Code Wrong

• Check phone time is accurate
• Enable "automatic time zone"
• Try adjacent codes (30 second window)
• Verify correct Zenovay entry

Account Already Recovered

If someone else recovered:

1. Contact support immediately
2. Account may be compromised
3. Full security review needed

Enterprise Considerations

Admin Recovery

Enterprise admins can:

• Reset user MFA
• Bypass for specific user
• Audit MFA status

Contact your admin if Enterprise.

SSO Users

If using enterprise SSO:

• MFA managed by identity provider
• Contact your IT department
• Zenovay MFA may not apply

Next Steps

• Set Up New MFA
• Backup Codes
• Security Best Practices