Recovering your 2FA-enabled account

When you have two-factor access enabled on your account, and you lose the ability to provide the one-time password, you may be able to recover your account.

Misplaced second factor device

If you have misplaced the device that provided second-factor authentication, you can use the recovery codes generated when you enabled 2FA to access your account.

  1. Locate the recovery codes generated when you enabled 2FA on your account.

  2. If you are logged out, on the command line, log in using your npm username and npm password.

    npm login
  3. When prompted for an OTP, enter a recovery code.

  4. Once you are logged in, type npm profile disable-2fa and enter your npm password if prompted.

  5. Enter an unused recovery code when you see this prompt:

  6. npm will confirm that two-factor authentication has been disabled.

  7. type npm profile enable-2fa to re-enable 2FA, assign a different device to your account, and generate new recovery codes.

Note: Using the recovery codes to re-enable 2FA may create a second authenticator account with the same npm account name.

To delete the old authenticator account, follow the steps for the authenticator.

Misplaced recovery codes

If you have misplaced both the device that provided second-factor authentication and your recovery codes, we may be unable to help you recover your account. If you have any questions, please contact npm Support.

© npm, Inc. and Contributors
Licensed under the npm License.
npm is a trademark of npm, Inc.