AwardLettr.
Try It
Back to Security & Troubleshooting

MFA Issues: Locked Out, Lost Codes, New Phone

Multi-factor authentication setup, lost device recovery, backup codes, and what to do when you get a new phone.

Beginner4 min readUpdated 2026-05-23
All roles

You'll learn

  • Which authenticator apps work with AwardLettr
  • How to generate and safely store backup codes
  • The exact steps to move MFA to a new phone
  • What recovery looks like if you lose both your device and your codes

You got a new phone and now your authenticator app is empty. Or your phone died and you cannot find your backup codes. Or you are setting up MFA for the first time and the QR code is not scanning. Or you are staring at a six-digit prompt with no way to generate one. That is what this article is about.

AwardLettr requires multi-factor authentication on every account, using the same TOTP standard your bank uses. The setup itself is a one-time thing and takes about two minutes. The wrinkle is that the TOTP secret lives only on the device that scanned the QR code, so anything that severs you from that device (new phone, lost phone, app reinstall without backup) breaks login until you re-enroll. The backup codes you get at setup exist exactly for that case, which is why we ask you to save them.

Walk the section that matches your situation: first-time setup, moving to a new phone, or fully locked out with no codes and no working device. The first two are self-serve and take a few minutes. The last one requires support to verify your identity before resetting MFA, and that typically completes within a business day. The single best thing you can do to avoid the locked-out scenario is store your TOTP secret in a cloud-syncing password manager like 1Password, Bitwarden, or Authy. Then a lost phone is a non-event.

AwardLettr requires multi-factor authentication on every account. We use TOTP (time-based one-time passwords), the same standard your bank uses. The setup is a one-time thing, but moving between devices is where most people get tripped up.

Supported authenticator apps

  • Google Authenticator (iOS, Android)
  • Microsoft Authenticator (iOS, Android) — also supports cloud backup
  • Authy (iOS, Android, desktop) — supports cloud backup and multi-device
  • 1Password (any plan) — stores TOTP secrets alongside passwords
  • Bitwarden Premium — same as 1Password
  • Any other RFC 6238 TOTP app — they all work the same way
If you do not already use a password manager, this is a great reason to start. 1Password and Bitwarden store both your password and your TOTP code in one place, and they sync across all your devices automatically. New phone? Install the app, sign in, everything is there.

Initial setup

1

Install an authenticator app

Pick one from the list above and install it on your phone (or password manager on any device).

2

Go to MFA Setup

In AwardLettr, the setup wizard appears automatically on first login. You can also reach it at Settings → Security → MFA.

3

Scan the QR code

Use your authenticator app to scan the QR code shown on the setup page. It will start generating 6-digit codes that change every 30 seconds.

4

Enter the current code

Type the 6-digit code from your app into AwardLettr to confirm the connection.

5

Save your backup codes

You will be given 10 single-use backup codes. Save them in your password manager NOW. Do not skip this step.

Save your backup codes in a password manager

If you lose both your device AND your backup codes, recovery requires identity verification with support — and it can take a day or two. Pasting your codes into 1Password or Bitwarden takes 10 seconds and saves you that pain.

Got a new phone? Here is the workflow

1

Have your old phone (or your backup codes) handy

You need ONE of: your old phone with the authenticator app still working, a backup code, or a password manager that already has your TOTP secret.

2

Log into AwardLettr

Use your email + password. When prompted for the 6-digit code, use your old phone, backup code, or password manager.

3

Go to Settings → Security → MFA

Click 'Disable MFA' to remove the current device.

4

Re-enroll with your new phone

Click "Enable MFA" again and scan the new QR code with your new phone's authenticator app.

5

Generate fresh backup codes

New backup codes are issued during re-enrollment. Save them immediately. Your OLD backup codes are now invalid.

Lost everything: phone + backup codes

This is the worst-case scenario. You cannot log in. The reset can only be done by support, and we have to verify your identity first to make sure we are not handing your account to an attacker.

  1. Email support@awardlettr.com from the email address on your account. Subject: 'MFA reset needed'.
  2. We will ask you to verify identity by answering questions only the account owner would know (recent appraisal numbers, billing card last 4, etc.) or by jumping on a brief video call.
  3. Once verified, we reset your MFA and you can re-enroll fresh.
  4. Recovery typically completes within 1 business day. If it is urgent, mention that in your email.

Prevent this from ever happening

Use Authy or a password manager that backs your TOTP secrets to the cloud. Then a lost phone is a non-event — install the app on your new phone, sign in, your codes are there.

Next steps

Contact Support
Suggest an editLast updated 2026-05-23

Related Articles

Contact Support

How to reach AwardLettr support, what info to include, and which channel is right for which problem.

Common Error Messages, Decoded

A reference table for the error messages you will actually see in AwardLettr and exactly what to do about each one.

MFA Issues: Locked Out, Lost Codes, New Phone | AwardLettr Docs