Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted March 27, 20196 yr Hi I want to force 2 step auth and have AUTHY setup as the available option. (members can get sms text message codes) I am worried that members will lose their phone and not be able to get into the site again. What happens in this case?
March 27, 20196 yr Author I guess this issue could happen with google auth setup as well. Any ideas what happens? Are members just blocked for good?
March 27, 20196 yr Basically yes. 2fa services like Google allow you to make a list of single-use backup codes that can be used in-case you lose your phone. Otherwise, they will have to contact you in order to regain site access.
March 27, 20196 yr Author Would be nice if someone made a plugin to force security questions as an option if using authy or google
March 27, 20196 yr Community Expert With our software there are two options the admin can enable should a user lose their phone (or forget your security questions). One is to email a recovery code to the user and the other is to use the contact form to reach out to an admin.
March 27, 20196 yr Author With our software there are two options the admin can enable should a user lose their phone (or forget your security questions). One is to email a recovery code to the user and the other is to use the contact form to reach out to an admin. But the contact form could be anyone. “Yeah, yeah I got locked out. Can you let me in?”
March 27, 20196 yr But the contact form could be anyone. “Yeah, yeah I got locked out. Can you let me in?” Verify them silly. 😋
March 27, 20196 yr Probably a dumb question, but how? There are many ways, it would all depend on what you would like to do, email address, phone number, security questions, the credit card on the account.
March 27, 20196 yr Author I see what you mean. Manual. This would work assuming they have something on file to reference. I get bare bones accounts saying “I lost access to my email and can’t get into my account”. Thank you
March 27, 20196 yr I see what you mean. Manual. This would work assuming they have something on file to reference. I get bare bones accounts saying “I lost access to my email and can’t get into my account”. Thank you If there is nothing on the account, and they lost email access, they can clearly verify the old email address, if it's a bare-bones account, with nothing on it to verify, nothing is lost in changing the email to a present one. 🙂
March 28, 20196 yr Community Expert This past weekend, I recovered 2FA access to an old account where I had set up Google Authenticator in the past and no longer had the account listed in Google Authenticator. I also didn't have the single use codes. All they had me do was verify that I owned the email address.
Archived
This topic is now archived and is closed to further replies.