Scoutinternal

Two-Factor Authentication (2FA) Reset for BitGo Personal Wallet Users

Two-Factor Authentication (2FA) Reset for BitGo Personal Wallet Users

Problem

Customers contact support because they have lost access to their two-factor authentication method (phone reset, lost authenticator app, Yubikey unavailable, or errors during 2FA setup) and cannot log in to their BitGo account. This affects users of BitGo personal wallets (commonly BTC) who need a manual 2FA reset performed by support after identity/ownership verification fails or is unavailable through the self-service flow.

Diagnostics

  • Confirm the customer can still authenticate with email and password (the 2FA prompt is the blocking step).
  • Look up the account in the admin tool and check:
    • walletCounts — does the user have personal or enterprise wallets, and on which coins?
    • Whether the account has a balance and transaction history.
    • The userSignup record — note the signup date and IP for later verification.
  • Determine whether the customer has previously generated 2FA recovery codes (if so, they should use the self-service recovery flow first).
  • Check if the account is frozen due to too many failed 2FA reset attempts. If frozen, the agent must unfreeze before proceeding.
  • Verify the customer is not an enterprise/institutional user — enterprise accounts follow a different process involving admin approval.
  • For FTX creditor accounts, note that many users created accounts solely for FTX distributions and may have zero balance and no transactions; adjust verification requirements accordingly.

Resolution

Scenario: factor-two-reset-twofactor#standard-manual-reset

Trigger: Customer has lost access to their 2FA device or authenticator app and cannot complete the self-service reset flow. They have wallet history and/or a keycard.

Signals: 2FA reset, two factor reset, lost authenticator, phone reset, cannot log in, Google Authenticator lost

Steps:

  1. Reply to the customer requesting ownership verification. Ask for all of the following:
    • Date of BitGo email verification (instruct them to search their inbox for "Your BitGo Email Verification").
    • 3 transaction hashes (TXIDs) either to or from their wallet. If they do not have TXIDs, advise them to contact the exchange from which they originally sent bitcoin to obtain the TXIDs.
    • Wallet balance (in cryptocurrency, with wallet name).
  2. If the customer cannot provide the above, offer the alternative: the first 8 characters and the last 8 characters of the BitGo Public Key from their wallet keycard (Box C). The key should start with "xpub...". Remind the customer to refer to their wallet keycard PDF file.
  3. Cross-check the information provided against admin records:
    • Signup date must match the userSignup verified date.
    • At least 2 out of 3 TXIDs must match on-chain records for the wallet.
    • Balance must approximately match (zero balance is acceptable if confirmed in records).
  4. If verification passes (2/3 or more criteria met), perform the manual 2FA reset in the admin tool.
  5. Notify the customer: "We have completed the process of resetting your Two-Factor Authentication. Please log back into your account, and follow the instructions to set up your Two-Factor Authentication again."
  6. If verification fails, do not reset. Ask the customer to re-check their information or provide the keycard Box C alternative.

Notes: - The BitGo Public Key on the keycard (Box C) starts with "xpub". If the customer provides a value starting with "v2x" or other prefixes, it is not the correct field — direct them back to Box C.

  • Some customers may need both steps (verification + reset) completed in the same day due to scheduling constraints. The reset can be performed immediately once verification passes; there is no mandatory multi-day wait for the manual process itself.

"BitGo Public key should be starting with 'xpub...' Please try to check again and refer to your wallet keycard PDF file Public key (Box C)" (ticket #78941)

"We have completed the process of resetting your Two-Factor Authentication as you have provided the correct sign up date and transaction hashes." (ticket #202854)

"Date of BitGo email verification (search for 'Your BitGo Email Verification' in inbox) ... If you do not have the above information, we can also accept the First 8 characters and the Last 8 Characters of the Bitgo Public Key from your keycard." (ticket #250705)

Scenario: factor-two-reset-twofactor#new-account-no-transactions

Trigger: Customer created a BitGo account recently (often for FTX distribution) and has no wallets, no transactions, and no keycard — standard verification criteria cannot be met.

Signals: FTX, no transactions, no wallet created, zero balance, new account, cannot provide TXID, no keycard

Steps:

  1. Ask the customer to provide the date of their BitGo email verification (search inbox for "Your BitGo Email Verification").
  2. If the customer confirms they have never made any transactions and have not created a wallet, verify the signup date against the userSignup record in admin.
  3. If the signup date matches and the account genuinely shows no wallets or balance, request a full-screen screenshot of a recent BitGo email (not a support thread) showing complete To and From headers for email ownership confirmation.
  4. Once verified, remove the freeze / reset 2FA as appropriate and notify the customer.
  5. Direct the customer to the FTX FAQ if applicable: https://www.bitgo.com/ftx-faq/

Notes: - These accounts are common among FTX creditors who signed up solely to receive distributions. They may not understand BitGo wallet concepts or keycards.

  • If the customer proposes deleting their account and starting fresh, note that this is generally not recommended — a 2FA reset on the existing account is preferred.

"I have not made any single transaction to nor from Bitgo wallet so far... I am not even sure if I ever created a wallet or not. Bitgo was new to me and I only registered because it was the option proposed for us to receive our FTX funds." (ticket #250705)

"We have successfully validated the details provided and have removed the freeze on your account. Please try accessing the account and let us know if you encounter any issues." (ticket #250705)

Scenario: factor-two-reset-twofactor#2fa-setup-errors

Trigger: Customer can log in but encounters errors when attempting to set up or complete 2FA for the first time (or re-setup after a reset), often on a mobile browser.

Signals: error message, cannot complete 2FA setup, 2 factor ID error, mobile browser, error during setup

Steps:

  1. Advise the customer to:
    • Clear their browser's cache and history (all-time).
    • Access the platform using an incognito or private browsing window.
    • Switch from a mobile browser to a personal laptop or desktop using Google Chrome.
  2. If the issue persists after these steps, proceed with a manual 2FA reset (follow the standard manual reset scenario above for verification).
  3. After resetting, confirm with the customer that they can now set up 2FA successfully.

Notes: - Mobile browsers are a common source of 2FA setup failures. Always recommend desktop Google Chrome first.

  • If the customer reports the account is frozen after multiple failed attempts, the agent must unfreeze the account before the customer can retry.

"If you are currently using a mobile browser, we recommend switching to a personal laptop or desktop Google Chrome browser for better compatibility and performance." (ticket #283224)

"We've successfully reset the 2FA on your account. Could you please check if everything is working as expected?" (ticket #283224)

Scenario: factor-two-reset-twofactor#account-frozen-failed-attempts

Trigger: Customer's account has been frozen due to too many failed 2FA reset or verification attempts.

Signals: account frozen, freeze, too many attempts, failed attempts, locked out

Steps:

  1. Confirm in the admin tool that the account shows a freeze status due to failed 2FA attempts.
  2. Proceed with ownership verification using the standard criteria (signup date, TXIDs, balance, or keycard Box C characters).
  3. Once ownership is verified, remove the freeze on the account in the admin tool.
  4. Perform the 2FA reset.
  5. Notify the customer that the freeze has been removed and they should log in to set up 2FA again.

Notes: - BitGo freezes accounts after a limited number of failed attempts to prevent unauthorized access. This is by design.

  • The customer cannot retry self-service reset while frozen; a support-assisted reset is required.

"We have successfully validated the details provided and have removed the freeze on your account." (ticket #250705)

Related

  • two-step-verification-setup — Covers the new 2FA system including recovery codes that may prevent future manual resets.
  • 2fa-resets — Documents the self-service 2FA reset flow and risk-based factors (identity check, recovery codes, IP cooldown).
  • ftx-creditor-account-setup — Relevant for new accounts created specifically for FTX distributions with no prior wallet activity.