Recover from a lost 2FA authenticator

If you’ve lost access to your authenticator app — phone broken, factory reset, app deleted — and you can’t generate the 6-digit code to sign in, here’s how to recover.

Option 1: Use a backup code

When you set up 2FA, the platform showed you 10 backup codes and asked you to save them. Each code works once and is your fallback for exactly this situation.

  1. Go to app.yourhrtoolkit.com and sign in with your password.
  2. When prompted for the 6-digit code, look for the “Use a backup code instead” link.
  3. Enter one of your backup codes (8 characters, formatted like XXXX-XXXX).
  4. You’re in.

Once used, that code is no longer valid. You should generate a new set of backup codes and re-set up your authenticator on a new device.

Option 2: Re-set up your authenticator (if you got in via a backup code)

Once you’re signed in with a backup code:

  1. Click Settings in the sidebar.
  2. Open the Two-factor authentication area.
  3. Click to disable 2FA (you’ll be asked for your password).
  4. Click to re-enable 2FA.
  5. Scan the new QR code with your authenticator app on your new phone.
  6. Save the new set of backup codes somewhere safe.

Option 3: Contact your HR admin (if you’ve lost everything)

If you’ve lost access to BOTH your authenticator AND your backup codes:

  1. Contact your HR admin.
  2. They can reset your 2FA from your employee profile.
  3. The next time you sign in, the platform won’t ask for a 6-digit code (since 2FA is now off).
  4. Sign in with your password.
  5. Re-set up 2FA on your new device immediately (recommended).

The HR admin can’t recover your old authenticator or your old backup codes — they reset 2FA so you can start over with a fresh setup.

What if my HR admin isn’t available?

For urgent cases (you genuinely can’t sign in and your HR admin is on leave), email support@yourhrtoolkit.com.au. We can help with identity verification and a 2FA reset on the platform side, but only after we’ve confirmed who you are.

We deliberately don’t expose self-service “I lost my 2FA” recovery because it would be a security weakness: anyone who got your password could also claim to have lost the authenticator, and the second factor would protect nothing. The friction of involving your HR admin is the security control.

Saving backup codes properly

To avoid being in this situation:

  • Save your backup codes the first time you set up 2FA.
  • Store them in your password manager (best place), or in a secure note app, or printed and locked in a drawer at home.
  • Don’t email them to yourself or store them in a Notes app on the same phone as your authenticator. If the phone goes, both go.

When you replace your phone proactively

If you’re getting a new phone:

  1. Before you wipe the old phone, sign into Your HR Toolkit and re-set up 2FA on the new phone.
  2. Save the new backup codes.
  3. Once 2FA works on the new phone, you can wipe the old one safely.

Don’t wait until after the wipe to discover you can’t sign in.

Permissions

Anyone can use their own backup codes. Resetting another user’s 2FA is admin only.