Jump to content

Two Factor Authentication - Deleted Security Questions


Teddy Rogers

Recommended Posts

I deleted some 2FA security questions and now users are reporting problems updating to one of the new 2FA questions.

They are seeing the 2FA prompt (see attached image) and cannot enter anything in. Normally, after multiple failed attempts this would then send an email with a link to reset 2FA and use another question. Because there is nothing that can be entered they can't fail to login and/ or reset their 2FA via email.

From AdminCP I see the deleted 2FA fields similar to, "security_question_1", "security_question_2" and so on.

I make the assumption this is not the intended action and could be a bug?

Ted.

Could contain: Text

 

Link to comment
Share on other sites

7 hours ago, Marc Stridgen said:

What was it causing your issues?

Miscommunication. I was more diligent after I posted and ran some tests of my own and then confirmed with members they were overlooking clicking the correct options (verifying using another method)...

Ted.

Link to comment
Share on other sites

  • 2 years later...
Posted (edited)

I don't think this problem was ever properly fixed. Every once in a while I still have a member contacting me because they struggle with 2FA question not being visible.

When I check their 2FA in AdminCP their security question has a reference, something like "SECURITY_QUESTION_5", that indicates it used to be one of the previous deleted questions. Sorry I have not been clever enough to take a screenshot of the exact text before I changed it.

To resolve the issue I go to edit the security question in AdminCP and save, since I only have the one question on the site. After that the new security question is visible.

One of the affected members did a screen capture of what they see and get when prompted for the (missing) 2FA question.

Is this a bug, should they be prompted to reset their 2FA automatically if the question is no longer available?

Ted.

Edited by Teddy Rogers
Link to comment
Share on other sites

On 8/12/2024 at 3:00 PM, Marc said:

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.

Thank you for reviewing, look forward to it being fixed up...

Ted.

Link to comment
Share on other sites

  • 1 month later...
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...