Skip to searchSkip to content

Recovering your 2FA-enabled account

Table of contents

When you have two-factor access enabled on your account, and you lose access to your 2FA device, you may be able to recover your account using the following methods.

Misplaced second factor device

If you have misplaced the device that provided second-factor authentication, you can use the recovery codes generated when you enabled 2FA to access your account.

Using recovery code on the web

  1. Locate the recovery codes generated that you have saved.

  2. On the npm "Sign In" page, enter your account details and click Sign In. Screenshot of npm login dialog
  3. On the "Two-Factor Authentication" page, click Use a recovery code or request a reset. Screenshot showing Security Key prompt with a link to navigate to the recovery code input screen

  4. Enter an unused recovery code in the "Use a Recovery Code" prompt.

    Screenshot showing use a recovery code prompt with an input box to enter the recovery code

  5. You are now logged into npm.

  6. (Optional) To disable 2FA, see "Disabling 2FA".

Viewing and regenerating recovery code

Note: Once you regenerate a set of code, all previous recovery codes become invalid. Each code can be used only once.

  1. On the npm "Sign In" page, enter your account details and click Sign In. Screenshot of npm login dialog
  2. In the upper right corner of the page, click your profile picture, then click Account. Screenshot of account settings selection in user menu

  3. On the account settings page, under "Two-Factor Authentication", click Modify 2FA.

    Screenshot showing Modify 2FA button

  4. Click "Manage Recovery Codes" to view your recovery codes.

    Screenshot showing existing recovery codes and a button to generate set of recovery codes

  5. Click "Regenerate Code" to generate a new set of codes.

Misplaced recovery codes

If you have misplaced both your 2FA device and your recovery codes, you can contact our support team to attempt to recover your account. Provide as much information as possible to help us expedite the request faster.

  1. On the npm "Sign In" page, enter your account details and click Sign In. Screenshot of npm login dialog
  2. On the "Two-Factor Authentication" page, click Use a recovery code or request a reset. Screenshot showing Security Key prompt with a link to navigate to the recovery code input screen

  3. Under the "Use a Recovery Code" form, click Try recovering your account.

  4. On the "Request an Account Recovery" page, click Start Account Recovery. Screenshot showing account recovery page

  5. If you have access to your registered email, enter the one-time password sent to your email in the One-Time Password field, then click Verify Email Address. If you do not have access to your registered email, select Skip email verification at the bottom of the form.

  6. In the "Open a Support Ticket" form, enter the following information:
  • In the Email field, enter an email address where our support team can contact you.

  • In the How can we help? section, select Reset my two-factor authentication (2FA).

  • If you need help with anything else, in the How can we help? section, select Other and enter more information in the Additional Details field.
    • If you have previously linked a GitHub account to your npm account, select Connect to GitHub. This will help our support team verify your account.
    Screenshot showing existing recovery codes and a button to generate set of recovery codes
  1. At the bottom of the form, click Submit Support Ticket.
Edit this page on GitHub
6 contributorsshmamdependabot[bot]lukekarrysmonishcmb4mbooethomson
Last edited by shmam on October 13, 2025

Table of contents