Learning From My Mistakes

October 4, 2020

Hi, I’m Steve, and I used to have a little slice of the web called The Art Directed Journal. My site was essentially a bunch of Github Pages that I had cobbled together as an excuse to practice HTML, CSS and improve my writing skills. It was essentially a fancy blog where each post had its own, unique style. I say that I used to have this site because due to a two-factor authentication snafu that was entirely my fault, I am essentially locked out of my Github account forever.

My Github woes started a few weeks ago, after I updated my iPhone 11 to iOS 14. I had been running the iOS 14 public betas for a few weeks prior with absolutely no issues. Naturally, as soon as Apple released the production version of iOS 14, I updated to it and deleted my public beta profile. However, I started to experience two issues that I had not previously experienced while running the public betas — my phone ran a little hotter than normal, and the battery life was substantially worse. Since my battery health/capacity still showed 100%, I decided to wipe the phone and completely reset to factory settings. The factory reset resolved both issues.

Two-factor authentication is beautiful thing. It is one of the easiest ways to keep your accounts from being compromised. For those who might not be aware, two-factor authentication is something you know (like your username and password) combined with something you either “are” (bio-metrics) or “possess” (like a YubiKey or an authentication code generated by an app like Google Authenticator or Microsoft Authenticator). Once a rare feature to be offered, most services, such as GMail, iCloud, Outlook.com, Twitter, Facebook, Instagram, and AWS, along with most banks, Amazon, etc., now offer two-factor authentication, and Github is no exception.

However, two-factor authentication is a two-edged sword. On one hand, if implemented correctly (i.e. not using SMS (text message codes) unless you just absolutely have to, since SIM swapping is a real thing) it can keep bad actors out of your account. On the other hand, if you don’t take the necessary precautions (i.e. back ups), you can quite easily get permanently locked out of your account. That’s what happened to me.

Before wiping my iPhone, I took the necessary steps to ensure that I would not be locked out of my iCloud account, my work related accounts, my Google account, and my Microsoft account. However, with Github, I believe that a mistake that I may have made when I switched to the iPhone 11 from my old iPhone SE, came back to haunt me. When I originally set up the SE, I made the decision to use the Google Authenticator app for my Github account. I had been using it on my previous phone, a Nextbit Robin, and it made sense to keep using the Google app. When I got my iPhone 11, I also took the necessary steps to correctly set up the Google Authenticator app on this new iPhone, and I made sure that all the accounts successfully transitioned over, including Github. However, I think I forgot to make a copy of my backup codes when making this change.

After wiping my iPhone 11 and freshly installing iOS 14, I quickly realized that I was locked out of Github. I still had the Google Authenticator app on my old iPhone SE, but those codes no longer worked. I unfortunately did not have any active sessions in any browsers, and for some reason, my connectivity to Github through Visual Studio Code was no longer working. I did find some backup codes, which I had saved and stored in an AES 256 bit encrypted .zip file. However, none of those codes worked. This means that they were probably the backup codes originally generated when I originally set up two-factor back when I switched to the iPhone SE. After a few emails with Github support, I realized that there was nothing that can be done. That was that. They offered to remove my email address from that Github account, but there was nothing that they could do on their end. The Art Directed Journal is no more. Well, it’s still there, but will certainly never be contributed to again.

A few lessons learned...

Always have a backup, and don’t skip steps.

If I had made sure that I had the right backup codes for my Github account before wiping my phone, this would never have been an issue. I thought that I had them, but they turned out to be the wrong ones. I will not make this mistake again.

Nothing is permanent.

When it’s time to move on, it’s time to move on. All good things eventually come to an end. I may rebuild it later, but right now I have no appetite to do so.

Maybe I should do better about abiding by an Amish approach to technology.

My internet friend Patrick Rhone abides by an “Amish approach to technology”. I try to do the same. My daily driver laptop runs a long term support version of Ubuntu. I don’t download every new app or try every new service that comes along. I generally stick with what is tried and true, as long as what is tried and true continues to get the job done. I had made a stout resolution not to upgrade to iOS 14, and even though the betas were stable (I only installed the public beta profile well into the public beta process — I think it was like beta 5), the production version burned me for some reason. Lesson learned.

What now?

Well, I created a new Github account and here I am. I plan to keep creating art directed blog posts here because it's fun. I probably will not post too frequently for a while, since life is extremely hectic at the moment, but nonetheless, stay tuned.

Table of Contents