Scoutinternal

Two-Factor Authentication (2FA) Reset Requests

Two-Factor Authentication (2FA) Reset Requests

Problem

Customers contact support when they cannot complete 2FA during login to their BitGo account. Common causes include losing access to their authenticator app (new phone, factory reset), no longer having the registered phone number for SMS-based 2FA, failed self-service ID verification, or account freeze due to too many failed 2FA reset attempts. This affects access to both production (app.bitgo.com) and test (app.bitgo-test.com) environments across all wallet types.

Diagnostics

  • Look up the customer's account using their registered email address in the admin tool. Confirm the account exists — if the email does not match, ask the customer for the correct registered email.
  • Check otpDevices on the user record to identify what 2FA method is registered (e.g., "type": "yubikey", TOTP app, SMS).
  • Check account state ("overallState") — if frozen, the account was locked due to too many failed 2FA reset attempts.
  • Check walletCounts to determine whether the user has personal or enterprise wallets and their balances (relevant for verification path selection).
  • Identify the user's enterprise, entity (BitGo Inc vs. BitGo Trust), plan type, and source (e.g., ftx-retail) — this determines whether a video call or wallet-ownership verification is required.
  • Determine whether the account is on the production environment (app.bitgo.com) or the test environment (app.bitgo-test.com) — test accounts may be reset without full verification.
  • Check if the user has completed initial verification (KYC) — if not, a video call may serve dual purpose.

Resolution

Scenario: fa-reset-my-code#manual-reset-wallet-verification

Trigger: Customer has lost access to their 2FA device (new phone, lost authenticator, changed phone number) and is a non-premium/personal wallet user.

Signals: 2FA reset, lost phone, Google Authenticator, new phone, changed number, can't login, personal wallet, non-enterprise

Steps:

  1. Confirm the customer's registered email and locate the account in admin tools.
  2. Request the following verification information from the customer:
    • Date of BitGo email verification (instruct them to search for "Your BitGo Email Verification" in their inbox)
    • 3 transaction hashes either to or from their wallet. If they do not have their transaction hash (TXID), they must contact the Bitcoin exchange from which they first received their bitcoin and request the TXIDs from that exchange's support team. If they have not made any transactions to or from a BitGo wallet, ask them to let you know.
    • Wallet balance in cryptocurrency (ask them to provide the name of the wallet). If they haven't created wallets, ask them to let you know.
  3. If the customer cannot provide the above, offer the alternative: "If you do not have the above information, we can also accept the First 8 characters and the Last 8 Characters of the Bitgo Public Key from your keycard. Please provide the name of the wallet the keycard info applies to."
  4. Clarify that the BitGo Public Key is found on the wallet keycard (Box C) — a PDF file generated when the wallet was initially created.
  5. Validate the provided information against account records (sign-up date, wallet balance, transaction hashes, or keycard xpub first 8 / last 8 characters).
  6. If verification passes, execute the 2FA reset via admin tool: bga user resetotp and confirm when prompted.
  7. Notify the customer: "We have completed the process of resetting your Two-Factor Authentication. Please log back into your account, and follow the instructions to set up your Two-Factor Authentication again."

Notes: If the customer has zero transactions and zero balance, verification can still proceed using the email verification date and confirmation of zero balance/no transactions. If the customer cannot provide any of the required information (transactions, balance, keycard), the reset cannot be performed.

"Alternatively, you may provide us the first and the last 8 characters of your BitGo Public Key found on your wallet keycard (Box C)" "If you do not have the requested information. Alternatively, you may provide us the first 8 and the last 8 characters of your BitGo Public Key found on your wallet keycard (Box C)." "My BitGo Public Key: Data: xpub661M >>>>>> DAZx6BjV"

Scenario: fa-reset-my-code#video-verification-premium-enterprise

Trigger: Customer is a premium/enterprise user or has already been initially verified by BitGo, requiring video ID verification for the 2FA reset.

Signals: 2FA reset, enterprise account, premium client, video verification, Calendly, government ID, video conference

Steps:

  1. Confirm the customer's registered email and locate the account in admin tools.
  2. Verify that the 2FA reset request is being sent from the email address registered on the BitGo account. If the request comes from a different email address, instruct the customer to re-send the request from their registered account email before proceeding. Do not schedule a video call or disclose any account details (including the configured 2FA method) until the request originates from the registered email.
  3. Send the customer a scheduling link for video ID verification:
  4. Instruct the customer: "Please be ready to provide your government issued photo ID during this meeting. Please reference ticket #[TICKET_NUMBER] when scheduling."
  5. Include the note: "If you are not initially verified by BitGo, please bring the person on the call who has already verified and can authorize your identity."
  6. Conduct the video call and verify the customer's government-issued photo ID.
  7. Upon successful verification, execute the 2FA reset via admin tool.
  8. Notify the customer: "Thank you for meeting with us. We have completed the 2FA reset as requested."

Notes: For test environment accounts (app.bitgo-test.com), video verification may not be required — the reset can be performed directly without a meeting. Confirm environment before scheduling.

"Please use the following link to schedule a time to meet with us and verify the request: https://calendly.com/bitgo-client-delivery/videoid. Please be ready to provide your government issued photo ID during this meeting. Please reference ticket #00201914 when scheduling." "We can send you a scheduling link to setup a time to meet with us for a video verification. Once verified, we can reset the 2FA. From there, you can reconfigure at your leisure with whatever method works best for you. If this works for you, please use the following link to schedule a time to meet with us and verify the request: https://calendly.com/bitgo-client-delivery/kyc"

Scenario: fa-reset-my-code#account-frozen-too-many-attempts

Trigger: Customer's account is frozen because they attempted to reset 2FA too many times, triggering automatic account freeze.

Signals: account frozen, BitGo Account Frozen, too many failed attempts, unfreeze, frozen account

Steps:

  1. Confirm the frozen status in admin tools (account state shows frozen).
  2. The customer will have received an email with subject "[Important] BitGo Account Frozen" stating: "Your BitGo account is frozen. To unfreeze your account, you must schedule video ID verification with BitGo."
  3. Send the customer the Calendly scheduling link for video ID verification: https://calendly.com/bitgo-client-delivery/videoid
  4. Instruct the customer to have their government-issued ID ready and reference the ticket number when scheduling.
  5. After successful video verification, unfreeze the user account in admin tools and reset the 2FA device.
  6. Notify the customer that the 2FA has been reset and instruct them to log in and re-register a new 2FA device.

Notes: Some frozen accounts may also need the agent to explicitly unfreeze the user before the 2FA reset can take effect. Check for "Unfreeze User" action in admin tools. This scenario is common with FTX creditor accounts where users are new to BitGo.

"Reason: BitGo froze your account due to too many failed attempts to reset your 2FA." "I have accidentally reset the 2FA too many times leading to the account been frozen. Will need your assistance to reset the 2FA for my account as I am awaiting for the FTX claims payout."

Scenario: fa-reset-my-code#self-service-id-verification-failed

Trigger: Customer attempted the self-service 2FA reset flow but ID verification failed (document not readable, unsupported country, or technical error on the Reset 2FA page).

Signals: ID verification failed, driving license, national ID, couldn't verify ID, Reset 2FA link error, server error, bg-ui error, authentication services unavailable

Steps:

  1. Confirm the customer attempted self-service reset and it failed (ask for error details or screenshots).
  2. If the error is a server error on the Reset 2FA page (e.g., server error requestId=bg-ui-0a9404c95a12bb5b2c83762e44cfa6c1), verify the user's account exists under the correct email, check their registered 2FA device type, and advise them to try the self-service reset again at https://app.bitgo.com/web/auth/login > locate "Reset 2FA."
  3. If their country is unsupported for automated ID verification (e.g., China — "authentication services are unavailable"), proceed with the manual verification path: request wallet ownership details (email verification date, 3 TXIDs, wallet balance) or keycard first 8 / last 8 characters (Box C).
  4. If the customer's physical ID document could not be read by the automated system, proceed with the manual verification path as above.
  5. Once verified, execute the 2FA reset via admin tool and notify the customer.

Notes: The self-service reset flow includes Persona ID and liveness verification. It may fail for various document types or countries. When automated verification is unavailable, fall back to the manual verification path.

"I attempted to reset my 2FA, but during the identity verification process, I selected China and received a notification that authentication services are unavailable." "When I click on the 'Reset 2FA' link and error is generated on the page. Following is the error code: Error server error requestId=bg-ui-0a9404c95a12bb5b2c83762e44cfa6c1"

Scenario: fa-reset-my-code#2fa-failure-due-to-platform-outage

Trigger: Customer reports 2FA is failing intermittently but has not lost their device — issue resolves on its own, suggesting a transient platform problem.

Signals: 2FA keeps failing, intermittent, timeout, takes too much time, outage, signing worker

Steps:

  1. Check https://status.bitgo.com/ for any ongoing or recent outages.
  2. Verify with engineering if there was a temporary issue with the signing worker or authentication services during the reported timeframe.
  3. Advise the customer to clear their browser cache and cookies and try again.
  4. Suggest trying from another device (non-mobile) and network.
  5. If the issue resolves itself, confirm with the customer and close the ticket.

Notes: This is not a 2FA reset scenario — the customer still has their 2FA device. The failure is caused by a transient platform issue. Do not reset their 2FA unless they specifically request it and the outage explanation does not resolve the problem.

"Yes, we have a brief outage as there was a temporary issue with our signing worker, which caused intermittent failures in the signing process. Our Engineering team promptly received the alerts and addressed the problem, resolving it almost immediately. However, this issue should not had caused an issue with our platform login and 2FA."

Scenario: fa-reset-my-code#wallet-password-confused-with-2fa

Trigger: Customer confuses their wallet password with their login 2FA code, typically in the context of FTX distributions where they are trying to withdraw funds.

Signals: wallet password, incorrect wallet password, FTX, transfer error, can't withdraw, two-factor authentication confused with wallet password

Steps:

  1. Clarify to the customer that the wallet password is different from the login password and 2FA code. The wallet password is set when a wallet is created and is used specifically when signing transactions (withdrawals).
  2. Instruct the customer to switch to the old UI if needed: "Click on the profile icon in the top right corner" → "Click on Switch to classic view."
  3. If they have forgotten their wallet password, direct them: "Go to Trade > Wallet Details > Settings > Forgot Wallet Password."
  4. This is not a 2FA reset issue — do not reset 2FA.

Notes: This scenario is common among FTX creditors receiving distributions who are new to BitGo. The error message indicating incorrect wallet password appears during withdrawal, not during login.

"The error message indicates that the wallet password used during the withdrawal request is incorrect. Please try again and make sure to use the correct wallet password. If you happened to forgot the wallet password you may goto Trade > Wallet Details > Settings > Forgot Wallet Password" "Please be informed that access to the specified options requires the switch to the old UI. Step 1 :- Click on the profile icon in the top right corner Step 2:- Click on Switch to classic view"

Scenario: fa-reset-my-code#test-environment-reset

Trigger: Customer needs 2FA reset on the test environment (app.bitgo-test.com), not production.

Signals: test, bitgo-test, app.bitgo-test.com, test environment, testnet

Steps:

  1. Confirm the request is for the test environment (app.bitgo-test.com).
  2. Test environment accounts can typically be reset directly without full wallet-ownership verification or video call.
  3. Execute the 2FA reset via admin tool for the test environment.
  4. Notify the customer: "We have completed the process of resetting your Two-Factor Authentication. Please log back into your account, and follow the instructions to set up your Two-Factor Authentication again."

Notes: There is no need for video verification or wallet-ownership proof for test environment accounts. Confirm the environment before applying production-level verification requirements.

"@Chetankumar Prajapati​ This was for Test, there was no need for us to have to meet. He didn't have a production account."

Related

  • two-step-verification-setup — Covers the new 2FA setup flow, recovery codes, and self-service reset steps for users who still have recovery codes.
  • how-to-reset-two-factor-authentication — Legacy self-service 2FA reset instructions for users with less than 2 BTC; references the 48-hour waiting period.
  • managing-wallet-users — Relevant when a user needs to be re-added to an enterprise or wallet after regaining account access.