
XF 1.5 Are users locked out if they reset 2FA app & no backup code?

Discussion in 'XenForo Questions and Support' started by Alfa1, Dec 12, 2015.

  1. Alfa1

    Alfa1 Well-Known Member

    If a user reinstalls their 2 factor authentication app, all data in the app is lost. It seems the user can no longer log in to the XenForo website unless the user has generated backup codes. Many will not have this, so it seems they are locked out.
    How can such a catch-22 situation be resolved?
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    That's why they should make a copy of the backup codes.

    Administrators can disable it in the ACP for their account.
     
  3. borbole

    borbole Well-Known Member

    Most users are not tech-savvy, so making backups sounds Chinese to them :D
     
  4. Mike

    Mike XenForo Developer Staff Member

    You're effectively asking how 2FA can be bypassed -- if they don't have the second factor, they're basically an attacker in the eyes of the system (the type of attack 2FA is specifically trying to stop: password compromise).

    In terms of an app, this is one of the reasons we give a recommendation of Authy, as you can recover codes or move devices much more easily (compared to Google Authenticator).
     
  5. Alfa1

    Alfa1 Well-Known Member

    True. It's a catch-22 that will likely affect quite a few of our members. Hopefully an easier fallback solution than backup codes can be found.
     
