Jump to content

We're Retiring SMS Recovery


Recommended Posts

We have retired our SMS-based account recovery option which means you will no longer be able to use this feature if you lose access to your account. Please take a moment to ensure you have your Two-Factor Authentication (2FA) backup codes stored somewhere safe or regenerate them here by disabling 2FA and enabling it again.

Why is this changing?

The SMS feature was originally added to serve as a recovery method for users who had lost their Two Factor Authentication device and backup codes regardless of where they lived.

Unfortunately, many governments around the world have now changed their requirements to allow us to send messages in their territories, with many enforcing a significant increase in the per-message cost or requiring us to complete a complicated registration process to be considered a trusted sender. This means the number of users around the world who can benefit from this recovery option is gradually falling which makes it less useful to our community as a whole. We also feel that SMS-based recovery is no longer the best solution for the problem of verifying you as the account owner if you lose your 2FA device and backup codes.

Your support through Premium memberships and ad revenue is what allows us to keep Nexus Mods going and we're always thinking about how to spend the money we make in a way that provides the best value to the community. We've decided that both the cost of SMS recovery coupled with the complexity of trying to manage these regional SMS accounts is simply not a good use of our time or money. As a result, we have permanently disabled this feature and securely deleted all saved mobile numbers from our service.

Will there be an alternative to SMS recovery?

We know that it's important for you to have options to recover your account, especially if you lose access to your Two-Factor Authentication (2FA) so we're in the planning phase of implementing a replacement system that uses the more modern and secure Web Authentication API (also known as WebAuthn).

This new implementation will also allow you to self-serve instead of waiting for a response from our Community Managers before you can get back into your account.

We don't currently have a release window to provide for this feature, but we will be announcing it in the site news as soon as it is ready.

How can I secure my account in the meantime?

Until the WebAuthn feature is released, you will still be able to recover your account if you lose access to your Two Factor Authentication by:

  • Using one of your 2FA backup codes at the login screen*.
  • Contacting [email protected] from the email linked with your account and providing an invoice from PayPal or a bank statement showing a Premium membership payment.

Without either of these options, it is unlikely that we will be able to verify you as the account owner, so please take this opportunity to check that you have the required proofs stored somewhere safe. We also recommend using an Authentication manager which supports multi-device sync - such as Authy - so your 2FA codes aren't contained on a single device.

* If you don't have your 2FA backup codes, turn 2FA off and back on again in your settings to receive new ones.

  • Like 4
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...