
XF 1.5 Are users locked out if they reset 2FA app & no backup code?

Alfa1

Well-known member
#1
If a user reinstalls their 2 factor authentication app, all data in the app is lost. It seems the user can no longer log in to the XenForo website, unless the user has generated backup codes. Many will not have this, so it seems they are locked out.
How can such a catch-22 situation be resolved?
 

Brogan

XenForo moderator
Staff member
#2
That's why they should make a copy of the backup codes.

Administrators can disable it in the ACP for their account.
 

Mike

XenForo developer
Staff member
#4
You're effectively asking how 2FA can be bypassed -- if they don't have the second factor, they're basically an attacker in the eyes of the system (the type of attack 2FA is specifically trying to stop: password compromise).

In terms of an app, this is one of the reasons we give a recommendation of Authy, as you can recover codes or move devices much more easily (compared to Google Authenticator).
 

Alfa1

Well-known member
#5
True. It's a catch-22 that will likely affect quite a few of our members. Hopefully an easier fallback solution than backup codes can be found.