Jump to content

Recommended Posts

Posted

I deleted some 2FA security questions and now users are reporting problems updating to one of the new 2FA questions.

They are seeing the 2FA prompt (see attached image) and cannot enter anything in. Normally, after multiple failed attempts this would then send an email with a link to reset 2FA and use another question. Because there is nothing that can be entered they can't fail to login and/ or reset their 2FA via email.

From AdminCP I see the deleted 2FA fields similar to, "security_question_1", "security_question_2" and so on.

I make the assumption this is not the intended action and could be a bug?

Ted.

Could contain: Text

 

Posted
7 hours ago, Marc Stridgen said:

What was it causing your issues?

Miscommunication. I was more diligent after I posted and ran some tests of my own and then confirmed with members they were overlooking clicking the correct options (verifying using another method)...

Ted.

  • 2 years later...
Posted (edited)

I don't think this problem was ever properly fixed. Every once in a while I still have a member contacting me because they struggle with 2FA question not being visible.

When I check their 2FA in AdminCP their security question has a reference, something like "SECURITY_QUESTION_5", that indicates it used to be one of the previous deleted questions. Sorry I have not been clever enough to take a screenshot of the exact text before I changed it.

To resolve the issue I go to edit the security question in AdminCP and save, since I only have the one question on the site. After that the new security question is visible.

One of the affected members did a screen capture of what they see and get when prompted for the (missing) 2FA question.

Is this a bug, should they be prompted to reset their 2FA automatically if the question is no longer available?

Ted.

Edited by Teddy Rogers
Posted

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.

 

Posted
On 8/12/2024 at 3:00 PM, Marc said:

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.

Thank you for reviewing, look forward to it being fixed up...

Ted.

  • 1 month later...
Posted (edited)

@Marc assume this did not get fixed in the latest update. I had another member email me today saying they could not login and reset their 2FA because of the issue identified above. Resolved by simply going to edit then save.

Do you know if/ when this will be fixed?

Ted.

Edited by Teddy Rogers
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...