XF 1.5 2FA key cannot be scanned, entered manually - then stopped working?!

jflory7

jflory7

Active member
Hello,

Today, my 30 days finally expired on my login using my 2FA key. When I was initially setting up my 2FA authentication, my phone could not scan the QR code on my screen to add it (I am using Authy over Google Authenticator). This was strange, seeing as it worked here on the XF Forums, but I disregarded it as a camera issue or something silly, and manually entered the key.

Now, the issue I came across today was that when I was prompted to enter my key, the code I was entering directly from my phone using the exact same profile that I had done when I first set it up, would not provide the right code, or at least the forums consistently rejected my code from Authy. This was frustrating, and I had to use one of my backup codes in the meanwhile to restore access to my account.

This seems like a major issue and I have no idea if it's an issue with the authentication service, XenForo, or my installation. This is something concerning to me and all others who use 2FA on my site because it seems like users could potentially lose access to their accounts.


Cheers,
- jflory7​
 
Sort by date Sort by votes
The most important thing is to check that your server's time is accurate. You'll want to run something like NTP. If the time is off, it could lead to 2FA app-based codes not working. (There are no external calls to do 2FA. It's basically just math that involves a secret code and the current time.)

FWIW, I haven't had that issue here with any time I've had to enter a code.
 
Upvote 0 Downvote
I've seen it where the QR codes have trouble reading on certain dark styles. I ended up applying a thick border around the code, it seemed to help (regarding the scanning issue).
 
Upvote 0 Downvote
Russ said:
I've seen it where the QR codes have trouble reading on certain dark styles. I ended up applying a thick border around the code, it seemed to help (regarding the scanning issue).
Click to expand...

Yeah, I noticed the same on one or two sites. QR codes need a light background to work... Not 100% sure why.

@jflory7 the most (and probably only) likely issue is that the server time is a couple of minutes out of sync (or your device time is out of sync). Check the time of both devices, to make sure their accurate, and then try again :)

Liam
 
Upvote 0 Downvote
Mike said:
The most important thing is to check that your server's time is accurate. You'll want to run something like NTP. If the time is off, it could lead to 2FA app-based codes not working. (There are no external calls to do 2FA. It's basically just math that involves a secret code and the current time.)

FWIW, I haven't had that issue here with any time I've had to enter a code.
Click to expand...
Liam W said:
Yeah, I noticed the same on one or two sites. QR codes need a light background to work... Not 100% sure why.

@jflory7 the most (and probably only) likely issue is that the server time is a couple of minutes out of sync (or your device time is out of sync). Check the time of both devices, to make sure their accurate, and then try again :)

Liam
Click to expand...
I migrated machines last week and the new one's clock was all messed up. Fixing it resolved the issue. Cheers, thanks for the tip!
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Wildcat Media
  • Question Question
Two-step verification (two-factor authentication) apps used with XenForo
Replies
11
Views
2K
TPerry
TPerry
Wildcat Media
  • Question Question
XF 1.5 Two-step verification--how is the 30 day expiration saved?
Replies
0
Views
638
Wildcat Media
Wildcat Media
Top Bottom