Basically, I made a factory reset on my phone and forgot to backup my Google Authenticator codes. Because of this, I lost access to 17 web services where I use this app to generate codes.<p>All of the web services provided backup codes when I enabled the 2FA, except one: 500px.com (or maybe they did but I couldn't find them / forgot to get the codes).<p>When I try to log-in I'm asked for a Google Authenticator code, which I don't have. No SMS token, no backup code.<p>Because of this, I emailed 500px support asking them for a solution and their response was:<p>---------------<p>Hey there,<p>Thanks for getting in touch. I have gone ahead and reset the authenticator for you as requested.<p>Best wishes,<p><S. B.><p>Customer Excellence<p>500px<p>---------------<p>(I removed the employee name because I don't know if its good or bad idea to post names here.)<p>Customer Excellence, really?<p>Basically, if you get your email compromised, the offender can just email 500px support and get the 2FA disabled without ANY check.<p>This reminds me the history of N on Twitter (https://medium.com/@N/how-i-lost-my-50-000-twitter-username-24eb09e026dd#.253of5gmx).<p>So why companies do this? 2FA is useless if they disable on a per-request basis without any check. The 2FA is supposed to help when your email is compromised.<p>So basically, use a social login on 500px or don't rely on the 2FA because it doesn't works. I'm happy that now i can login, but breaking my security this way is not funny and no companies should do this, that's why I post it here, for awareness.<p>PS. I had a similar problem with OVH but at least they have a process of requesting personal information, a signed letter with a copy of your ID card.