XF 1.5 Are users locked out if they reset 2FA app & no backup code?

Alpha1

Well-known member
If a user reinstalls their 2 factor authentication app all data in the app is lost. It seems the user can no longer login to the xenforo website, unless the user has generated backup codes. Many will not have this, so it seems they are locked out.
How can such a catch 22 situation be resolved?
 
You're effectively asking how 2FA can be bypassed -- if they don't have the second factor, they're basically an attacker in the eyes of the system (the type of attack 2FA is specifically trying to stop: password compromise).

In terms of an app, this is one of the reasons we give a recommendation of Authy, as you can recover codes or move devices much more easily (compared to Google Authenticator).
 
True. Its a catch 22 that will likely affect quite a few of our members. Hopefully an easier fallback solution than backup codes can be found.
 
Back
Top Bottom