Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Teddy Rogers Posted June 11, 2022 Posted June 11, 2022 I deleted some 2FA security questions and now users are reporting problems updating to one of the new 2FA questions. They are seeing the 2FA prompt (see attached image) and cannot enter anything in. Normally, after multiple failed attempts this would then send an email with a link to reset 2FA and use another question. Because there is nothing that can be entered they can't fail to login and/ or reset their 2FA via email. From AdminCP I see the deleted 2FA fields similar to, "security_question_1", "security_question_2" and so on. I make the assumption this is not the intended action and could be a bug? Ted.
Teddy Rogers Posted June 11, 2022 Author Posted June 11, 2022 Think I have this fixed now, please disregard. Apologies... Ted.
Teddy Rogers Posted June 13, 2022 Author Posted June 13, 2022 7 hours ago, Marc Stridgen said: What was it causing your issues? Miscommunication. I was more diligent after I posted and ran some tests of my own and then confirmed with members they were overlooking clicking the correct options (verifying using another method)... Ted.
Marc Posted June 13, 2022 Posted June 13, 2022 Ah, no problem. Glad you managed to sort the issue in any case
Teddy Rogers Posted August 10 Author Posted August 10 (edited) I don't think this problem was ever properly fixed. Every once in a while I still have a member contacting me because they struggle with 2FA question not being visible. When I check their 2FA in AdminCP their security question has a reference, something like "SECURITY_QUESTION_5", that indicates it used to be one of the previous deleted questions. Sorry I have not been clever enough to take a screenshot of the exact text before I changed it. To resolve the issue I go to edit the security question in AdminCP and save, since I only have the one question on the site. After that the new security question is visible. One of the affected members did a screen capture of what they see and get when prompted for the (missing) 2FA question. SecurityQuestionProblem.mp4.1c824772f0b880bccf26629a060bfdb6.mp4 Is this a bug, should they be prompted to reset their 2FA automatically if the question is no longer available? Ted. Edited August 10 by Teddy Rogers
Marc Posted August 12 Posted August 12 Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release. Teddy Rogers 1
Teddy Rogers Posted August 13 Author Posted August 13 On 8/12/2024 at 3:00 PM, Marc said: Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release. Thank you for reviewing, look forward to it being fixed up... Ted.
Teddy Rogers Posted October 8 Author Posted October 8 (edited) @Marc assume this did not get fixed in the latest update. I had another member email me today saying they could not login and reset their 2FA because of the issue identified above. Resolved by simply going to edit then save. Do you know if/ when this will be fixed? Ted. Edited October 8 by Teddy Rogers
Marc Posted October 8 Posted October 8 We do stil have an open bug report on this at present. Im unable to say when it will be fixed, but I see it has been being actively discussed Teddy Rogers 1
Recommended Posts