If you've turned on two-factor sign-in and your phone is lost, broken, or wiped, you have two paths back into your account: use a recovery code (self-serve) or ask an admin to reset MFA for you (operator-assisted).
Self-serve recovery using a recovery code
When you enabled MFA on /account/security, we showed you 10 recovery codes and asked you to save them somewhere safe (on paper, in a password manager, in a sealed envelope). Each code is a one-time bypass — you can use it once to get into your account if your authenticator is unavailable.
To use one:
- Sign in normally with your email + password.
- On the MFA challenge screen, click "Use a recovery code instead" (below the 6-digit input).
- Type one of your recovery codes in the format XXXX-XXXX-XXXX (12 characters, dashes optional).
- We'll verify the code, disable MFA on your account, and land you on the dashboard with a banner reminding you to re-enrol.
After a successful recovery:
- The recovery code you used is consumed (can't be used again).
- ALL your remaining recovery codes are wiped (a leaked sheet shouldn't keep working after recovery).
- MFA is disabled on your account so you can sign in normally next time.
- Go to /account/security and re-enrol MFA + generate a new sheet of recovery codes within 24 hours.
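For anyone implementing a similar flow, the redemption rules listed above look like this in Python. This is an added example, not this service's own code; the code alphabet, SHA-256 digest storage, case-insensitive matching and the in-memory account dict are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: 32-symbol alphabet without look-alike characters (not from the page).
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def new_code():
    """Generate one code in the XXXX-XXXX-XXXX display format."""
    raw = "".join(secrets.choice(ALPHABET) for _ in range(12))
    return "-".join(raw[i:i + 4] for i in (0, 4, 8))

def normalize(text):
    """Accept the code with or without dashes; return None if malformed."""
    raw = text.strip().replace("-", "").upper()  # case folding is an assumption
    if len(raw) != 12 or any(c not in ALPHABET for c in raw):
        return None
    return raw

def digest(raw):
    """Only digests are stored, so a database leak does not expose usable codes."""
    return hashlib.sha256(raw.encode()).hexdigest()

def enrol(account):
    """Enable MFA and return a fresh sheet of 10 codes, replacing any old sheet."""
    codes = [new_code() for _ in range(10)]
    account["mfa_enabled"] = True
    account["recovery_digests"] = {digest(normalize(c)) for c in codes}
    return codes

def redeem(account, text):
    """Apply the post-recovery rules: consume the code, wipe the rest, disable MFA."""
    raw = normalize(text)
    if raw is None or not account["mfa_enabled"]:
        return False
    candidate = digest(raw)
    matched = False
    for stored in account["recovery_digests"]:
        # Check every stored digest, without stopping at the first match.
        if hmac.compare_digest(stored, candidate):
            matched = True
    if not matched:
        return False
    account["recovery_digests"] = set()  # used code consumed, remaining codes wiped
    account["mfa_enabled"] = False       # user signs in normally, then re-enrols
    return True
```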
What if you've also lost the recovery codes
If you can't find the codes (or never saved them), an account admin can reset MFA for you. The flow:
- Email support@agroyield.africa from the address on your account.
- Tell us you've lost both your authenticator and your recovery codes.
- We'll verify your identity through other channels (account history, recent activity, sometimes an ID check for high-stakes accounts).
- Once verified, an admin clicks the Reset MFA button on your profile in our admin panel. We'll send you a confirmation email, and a Slack notification fires internally so the action is logged.
- You can sign in normally on your next attempt. Re-enrol MFA from /account/security.
The admin reset is intentionally a slower path — it requires a real human to verify your identity — because if it were instant, anyone who phished your password could trigger it.
Best practice
Save your recovery codes in two places: one digital (password manager) + one physical (printed and stored somewhere safe). The Print button on /account/security → Recovery codes formats them on a single sheet for easy filing.
When your code count drops to 3 or fewer (we show an amber warning), regenerate a fresh sheet from /account/security. Regenerating invalidates ALL the previous codes and gives you 10 new ones.
What MFA reset DOESN'T do
It doesn't change your password. It doesn't sign you out of other devices. It doesn't affect your operator PIN (a separate factor that gates sensitive admin actions like role grants and disbursements — it has its own recovery path on /account/security).

