XF 2.2 2FA problems

Mendalla

Well-known member
I have 2FA set up on my account on my own site, partly because I have admin rights on the board and partly because being in IT makes me more aware of the value of such security measures. I use Google Authenticator on my phone for it.

Here's the thing, I normally check the "Trust this device for 30 days" option. It almost never lasts 30 days. I just tried to access my site moments ago and got prompted for a code, even though I verified on this device under this Windows profile using the same browser just days ago (I know because I switched browser at the time so had to re-login and re-verify on a whole bunch of sites). So that's less than a week. I have cookies enabled. I haven't cleared my cache or cookies since my last verification. And this happens to me a lot. It's only a nuisance problem, but somehow it always seems to happen when my phone is not handy (e.g. tonight I am in my office upstairs and my phone is charging downstairs in the kitchen).

So, any thoughts on why the "Trust this device for 30 days" might not be working?

(FYI, it has happened here, too, I think but not specifically recently)

Currently on 2.2.5, by the way, probably updating to 2.2.6 on the weekend if that makes a difference.
 

wedgar

Well-known member
2FA seems to work OK for me. It seems to request every 30 days for trusting my device.
 

Mike

XenForo developer
Staff member
(FYI, it has happened here, too, I think but not specifically recently)
If it's happening here too, then it's pretty certainly something on your device end. This would absolutely fit with cookies being cleared as that's how a device is remembered. It may be that there's some sort of security software that is clearing cookies or maybe there's a setting to clear them when the browser is (fully) closed?
 