SJ77 Posted March 27, 2019
Hi, I want to force 2-step auth and have AUTHY set up as the available option. (Members can get SMS text message codes.) I am worried that members will lose their phone and not be able to get into the site again. What happens in this case?
SJ77 (Author) Posted March 27, 2019
I guess this issue could happen with Google auth set up as well. Any ideas what happens? Are members just blocked for good?
Makoto Posted March 27, 2019
Basically yes. 2FA services like Google allow you to make a list of single-use backup codes that can be used in case you lose your phone. Otherwise, they will have to contact you in order to regain site access.
SJ77 (Author) Posted March 27, 2019
Would be nice if someone made a plugin to force security questions as an option if using Authy or Google.
Jim M Posted March 27, 2019
With our software there are two options the admin can enable should a user lose their phone (or forget your security questions). One is to email a recovery code to the user and the other is to use the contact form to reach out to an admin.
SJ77 (Author) Posted March 27, 2019
1 hour ago, Jim M said:
> With our software there are two options the admin can enable should a user lose their phone (or forget your security questions). One is to email a recovery code to the user and the other is to use the contact form to reach out to an admin.
But the contact form could be anyone. “Yeah, yeah I got locked out. Can you let me in?”
Rhett Posted March 27, 2019
14 minutes ago, SJ77 said:
> But the contact form could be anyone. “Yeah, yeah I got locked out. Can you let me in?”
Verify them silly. 😋
SJ77 (Author) Posted March 27, 2019
1 minute ago, Rhett said:
> Verify them silly. 😋
Probably a dumb question, but how?
Rhett Posted March 27, 2019
14 minutes ago, SJ77 said:
> Probably a dumb question, but how?
There are many ways; it would all depend on what you would like to do: email address, phone number, security questions, the credit card on the account.
SJ77 (Author) Posted March 27, 2019
I see what you mean. Manual. This would work assuming they have something on file to reference. I get bare-bones accounts saying “I lost access to my email and can’t get into my account”. Thank you
Rhett Posted March 27, 2019
4 hours ago, SJ77 said:
> I see what you mean. Manual. This would work assuming they have something on file to reference. I get bare-bones accounts saying “I lost access to my email and can’t get into my account”. Thank you
If there is nothing on the account, and they lost email access, they can clearly verify the old email address. If it's a bare-bones account, with nothing on it to verify, nothing is lost in changing the email to a present one. 🙂
Joel R Posted March 28, 2019
This past weekend, I recovered 2FA access to an old account where I had set up Google Authenticator in the past and no longer had the account listed in Google Authenticator. I also didn't have the single-use codes. All they had me do was verify that I owned the email address.
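The single-use backup codes mentioned in this thread, sketched as an added example (not part of any post here and not Invision Community's code): codes are shown to the member once, only salted digests are stored, and a code is burned when it is redeemed. The function names, record layout, alphabet and code length are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed alphabet: 0/O and 1/I/L are left out to avoid transcription errors.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"


def _normalize(code: str) -> str:
    """Members type codes with dashes, spaces or lower case; canonicalize first."""
    return "".join(ch for ch in code.upper() if ch.isalnum())


def _digest(code: str, salt: bytes) -> bytes:
    # 16 random symbols give roughly 79 bits, so a salted SHA-256 is used here;
    # shorter codes or passwords would need a slow KDF instead.
    return hashlib.sha256(salt + _normalize(code).encode()).digest()


def issue_backup_codes(count: int = 10, length: int = 16):
    """Return (codes to display once, record to keep server-side)."""
    salt = secrets.token_bytes(16)
    codes = ["".join(secrets.choice(ALPHABET) for _ in range(length))
             for _ in range(count)]
    # Only digests are stored, so a database leak does not reveal usable codes.
    record = {"salt": salt, "unused": {_digest(c, salt) for c in codes}}
    display = ["-".join(c[i:i + 4] for i in range(0, len(c), 4)) for c in codes]
    return display, record


def redeem_backup_code(record: dict, submitted: str) -> bool:
    """Accept each code at most once, comparing digests in constant time."""
    candidate = _digest(submitted, record["salt"])
    matched = None
    for stored in record["unused"]:
        if hmac.compare_digest(stored, candidate):
            matched = stored
    if matched is None:
        return False
    record["unused"].remove(matched)  # single use: burn the code on success
    return True
```

Redemption attempts still need the same rate limiting as any other login factor, and a fresh set should be issued once the member is back in.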
This topic is now archived and is closed to further replies.