Disable permanent 2FA

I have enabled the ECG app and I had to enable two-factor authentication.

Now third party apps such as Biometric Explorer have stopped working.

Is there a way to disable ECG app and disable MFA in order that apps work again? I do not care about deleting ECG data

  • Once enabled, the 2FA functionality can’t be disabled. I made the same mistake, curious about ECG use, but after finding it wasn’t helpful, I deleted the app and tried to revert to the normal login process. Garmin support told me it’s irreversible. They offered me two options:

    1. Live with it.
    2. Download my data, delete my account, create a new one, and restore the data.

    I decided the risk of losing data wasn’t worth it. While I find this limitation absurd, I’ve learned to live with it despite the bugs and inconveniences.

  • Hey, how can you download and restore data? Did they provide instructions for that? It is such a terrible way of managing account settings.

  • Download my data, delete my account, create a new one, and restore the data.

    Do not delete the old account, until you are sure your new account works as expected! In fact you do not have to delete it at all, and you'll be able to use it anytime you change your mind.

    Anyway, moving the data to a new account won't be a simple task - you have to request the full data dump at https://www.garmin.com/en-US/account/datamanagement/exportdata and then import all the daily data files and activities. If you have used the account for more than a few weeks, it will be a long job, and you may not be able to restore everything anyway. It may be simpler to start from scratch.

  • Thank you. I am so upset. I have years of data to move that I do not want to lose. Garmin systems are so poorly made. Why do they not allow such a simple setup like disabling 2fa... this is so stupid.

  • Garmin claims that 2FA is a regulatory requirement to protect the security of ECG data. That is simply untrue. If you ask them to identify the regulations that require it, they can't. (It's not HIPAA, incidentally, which only applies to healthcare providers and insurers, not to user-collected data.) If 2FA were really a legal requirement, then Apple would have it too.

    There's also no logical reason why ECG data should be considered more private or confidential than one's other heart rate data. Heck, it's CERTAINLY less personal than when I sleep and where I run, none of which has to be protected by 2FA. 

    This has really reduced how much I use Garmin Connect. I don't want to wait minutes every time I want to view my data. Garmin never remembers the browser, and sometimes the code takes over 20 minutes to arrive. 

  • Agree.

    But even if we want to consider them to be protected with the strongest possible solution, we need to have a way to decide to wipe data already stored and remove the 2fa.

    Several users are mentioning - like I am - that they do not want to use ECG after testing it, as they do not find the value of it. In this case we should be given the option to disable 2fa.

  • Some years ago, I managed to get rid of the 2FA by tweaking the CSS/JS on the page https://www.garmin.com/en-US/account/security/mfa/ with browser's DevTools, enabling the slider buttons, and then turning off the 2FA options.

    I do not know whether it is still possible, and am not going to test it, since I am not ready to enable 2FA and risk that it cannot be disabled anymore, but if you have some basic knowledge of HTML / CSS / JavaScript, it was not too difficult. As far as I remember, it was enough to change the CSS on the tab Elements » Styles, deactivating the attribute that disabled the slider button.

  • Well... I wish it was that easy. When you modify the HTML/CSS with devtools you are doing it locally in your browser. I do not see how this can affect the backend of the website. Especially because there is no way to submit the change. I tried anyway, just for the sake of trying, and in fact it does not change anything.

  • I do not know how it is now, but originally when the button was enabled through CSS, it fired the underlying JS function, which connects to the server where it removes the 2FA option from your account. Only the button was disabled, the function itself was still there, and was functional. It is possible they changed it in the meantime. It definitely worked, since I do not have the 2FA anymore (and I did have it originally).

  • Yeah, they might have spotted the weakness :) BTW, yours was a clever move. Pity it does not work anymore :)
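
The last replies describe a control that was disabled only in the page while the server function behind it still accepted the request. The sketch below contrasts that pattern with server-side enforcement; it is an added example, not part of the thread and not Garmin's code, and the account fields (`mfaLocked`), store and function names are hypothetical.

```javascript
// Constructed sample data: "alice" has a policy lock (a feature that
// requires MFA is active on her account), "bob" does not.
function makeStore() {
  return new Map([
    ["alice", { mfaEnabled: true, mfaLocked: true }],
    ["bob", { mfaEnabled: true, mfaLocked: false }],
  ]);
}

// Weak pattern: the server assumes the request can never arrive for a
// locked account because the toggle is rendered disabled in the browser.
function disableMfaUiOnly(store, user) {
  const acct = store.get(user);
  if (!acct) return { status: 404 };
  acct.mfaEnabled = false; // no policy check on the server
  return { status: 200 };
}

// Hardened pattern: the lock is evaluated on the server for every request,
// whatever state the toggle had on the client.
function disableMfaEnforced(store, user, auditLog) {
  const acct = store.get(user);
  if (!acct) return { status: 404 };
  if (acct.mfaLocked) {
    // The normal UI cannot send this request for a locked account, so a
    // denial here is worth recording for detection.
    auditLog.push({ user, event: "mfa_disable_denied", reason: "policy_lock" });
    return { status: 403 };
  }
  acct.mfaEnabled = false;
  auditLog.push({ user, event: "mfa_disabled" });
  return { status: 200 };
}
```

With the check on the server, the state of the control in the browser no longer matters, and each denied request leaves an audit record.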