New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Trouble contacting host-c.com support (locked out due to 2FA)
Hi,
I’ve been trying to get in touch with host-c.com for the past 2–3 days, but haven’t received any response so far. Has anyone else experienced the same issue or know the best way to reach them?
I used 2FA on host-c.com by always logging in with a backup code. The last time I logged in, I forgot to copy the newly generated backup codes. Now I can’t log in anymore.
For the past 2–3 days, I’ve been trying to reach their support but haven’t received any replies. I even sent a PM to the user host_c, but it looks like they haven’t been active since 19/09. I also used the “Contact Us” form on their website three times, but still no response.
Does anyone know if there’s another way to get in touch with them?
Comments
@host_c
Did you not get the email from Monday, the one regarding 2FA disabling?
I believe it was mainly to clarify that 2FA disable requests submitted by email won't be accepted/processed.
As I said, I didn't receive any email in my email.
I'm worried because I've been trying to contact them for 2-3 days, but I'm not getting any response
I also contacted @host_c here but I'm not getting any response. I see he was last here on 19/09.
2FA Disable Requests Policy Update
Dear push-up specialist,
Due to an increase in account hijacking attempts, we will no longer process requests to disable two-factor authentication (2FA) submitted by email.
Only tickets opened through our official support portal will be honored.
All requests to disable 2FA will undergo a security check before being processed. This check may include verifying an invoice, confirming the last four digits of the card used for payment, or validating the PayPal account associated with the service or other.
Thank you for your understanding and cooperation in helping us keep your accounts secure.
HOST-C
If you or your domestic partner have a cellphone, download Google Authenticator app, and then you won't have the problem again.
is @Rubben
https://f-droid.org/packages/com.beemdevelopment.aegis/
Here's a choice without the word google in it
Backup code is for backups, not meant to be used for usual logins. If you are not sharing account of course
It's possible to share an account that has 2FA enabled.
When you enroll for 2FA, you'll need to scan the QR code with both phones at the same time.
If the two phones display the same code at that time, you are successful.
Subsequently, you can use the code from either phone to login, and they'll always be in sync with each other.
The two phones don't need to have the same software either.
We had success with Google Authenticator on Android and Duo Mobile on iOS.
They can show the same codes.
There are some magic in these apps.
The benefit of Google Authenticator is that it can save the codes to Google Account, so that every phone logged into the same Google Account can display the codes.
It's less hassle than scanning the QR code with two phones at the same time.
Unfortunately it isn't possible to see the codes on Chrome Desktop or Google website.
Google is increasingly locking features to Android and distrusting the desktop.
Also, stay away from third party stores.
Applications in those stores are unauthenticated and may contain virus or malware, which would compromise the security of your phones.
To each his own. But yes one needs to have trust in their 2FA app.
I would like to state that f-droid has a verification process. But it's not like they review the src code for every app.
https://verification.f-droid.org/
https://verification.f-droid.org/com.beemdevelopment.aegis_80.apk.json
Another choice is Ente Auth.
I moved to them when Authy decommissioned desktop apps.
Google Authenticator stores private keys in sqlite, I exported those via ADB years ago, and printed out. Trivia: I only use the phone for ASMR now, I boot it, play ASMR, and it automatically shuts down 1 hour afterward. And my Pentium T2390 is fast.
The problem is that I can't open a ticket precisely because I can't log in to the site.
Have to say it's a strange way to use 2FA. Backup the QR code as well next time?
The fact that any host will even honor requests to disable 2FA is pretty appalling IMO.
I would not want to do business with someone that does this.
Would you rather permanently lose all your servers after losing your phone (or two phones)?
Banks can send SMS for authentication, and don't need to rely on an app.
If you lose your phone, you can present your ID card at the carrier and receive a new SIM card with the same online number.
With the new SIM card, you can receive SMS from banks to access your accounts.
HOST-C (and several others) doesn't want to pay for SMS, so that they rely on these fragile authenticator apps.
This is why I don't really believe in SMS 2FA either because you can bribe a store employee to bypass the ID check.
Most authenticator apps allow you to do E2EE backups. It is your responsibility to keep backups here in the same way it's your responsibility to keep backups of your servers.
@host_c
Register a new account and contact them
I tried that too, but to register a new account you have to buy a product.
The open ticket page seems to be public, did I miss something?
https://host-c.com/submitticket.php?step=2&deptid=1
is it DMCA Ignored?
Bribery is illegal.
If a Verizon rep is found to have accepted a bribe money from a hacker, which subsequently resulted in financial loss of a customer, the Verizon rep would be fired.
It could be a different story with MVNOs.
The phone cards aren't registered to a customer's name.
If you know my Tello password, you can click a button to request a new eSIM.
It can be done overseas and there's no verification whatsoever, but I would get an email after the fact.
Every other drama thread on this forum involves the absence of backups.
Websites, databases, 500GB spices…
Authenticator apps would be no different.
I mean yes, but so is stealing money from people’s bank accounts, and yet…
It’s almost always functionally impossible to tell the difference between someone who has been bribed with cash vs. has been hacked.
Yes, but what is the point of choosing 2FA when companies will just ignore your choice and let potentially someone else override it instead.
You can see more here:
https://host-c.com/knowledgebase/16/Full-Terms-and-Conditions.html?utm_source=chatgpt.com
Let me just say I haven't received any response yet.
@host_c
HOST-C billing system forces 2FA on every account.
Customers are not choosing 2FA.
Perhaps it would be better to have a tick box "Please never ever let me recover 2FA, thanks"
if I got locked out of my account due to 2FA issue, how would I get the account back....?