Recovering Access When You Lose Your 2FA Authenticator
What to do if you've lost access to the authenticator app you set up for DocuClipper two-factor authentication.
If you set up two-factor authentication on your DocuClipper account and then lost access to the authenticator app (new phone, deleted Google Authenticator, wiped device, etc.), you'll be stuck at the 6-digit-code prompt at login. This page explains how to get back in.
Important: DocuClipper does not issue backup codes
Some products generate one-time backup codes when you enable 2FA. DocuClipper does not. When you set up 2FA, you scan a QR code into your authenticator app and that's it. There's no separate list of recovery codes to print.
That means there's only one self-serve safeguard, and it's something you need to set up before you lose access:
- Save the 2FA secret in more than one place. During setup, the QR code can also be entered manually as a base32 secret. Most authenticator apps let you add the same secret to multiple devices (your phone and a backup phone, or 1Password and your phone). If you've already done this, you'll still have a working code on the backup device, and you can log in normally.
If you didn't do this, see the recovery path below.
If you've already lost access
- Email support@docuclipper.com from the email address on your DocuClipper account. Subject: "Lost 2FA - need to reset."
- In the body, tell us:
- The email address on the account.
- When you last successfully logged in.
- That you no longer have access to the authenticator app and want 2FA disabled so you can sign in.
- We'll verify it's actually you (we'll typically reply asking you to confirm a few account details: most recent invoice number, plan name, recent job activity, or a code we email to a recovery address). This step is deliberate. We don't want to be the easy path around someone else's 2FA.
- Once verified, support will disable 2FA on your account. You'll then be able to log in with email and password as normal. Re-enable 2FA right away at Settings → Two-Factor Auth, and this time set up the secret on a second device or password manager too.
Turnaround is typically same-day during business hours (US Eastern). Please don't open multiple tickets, it slows the verification, not speeds it up.
What we cannot do
- We cannot read your existing 2FA secret back to you. The secret is stored encrypted and not exposed through any interface, including support tooling. The fix is always "disable 2FA, you set it up again."
- We cannot disable 2FA based on a request from anyone other than the account owner. If your account is on a contract with multiple users and you're not the admin, ask your account admin to contact us. Admins can also disable 2FA on their own accounts the normal way (Settings → Two-Factor Auth → Disable, with a current code).
If you're an admin and a teammate is locked out
Admins on a contract cannot directly disable another user's 2FA from the DocuClipper UI. Have the affected user email support themselves from their own account email. We'll loop you in if we need an admin-level confirmation.
Preventing this next time
When you re-enable 2FA, do at least one of:
- Add the 2FA secret to a second authenticator app on a different device. If you use 1Password, Bitwarden, or a similar password manager, store the TOTP there in addition to a phone-based authenticator.
- Use an authenticator app with cloud backup enabled (Authy, Microsoft Authenticator, 1Password). This way a new phone can restore your tokens.
- Keep a screenshot of the QR code (or the manual secret string) in your password manager. This is the equivalent of a backup code and lets you re-add the account to any TOTP app.
Treat the 2FA secret like a password. Anyone with it can generate valid codes for your account.