[DigitalPoint] Security & Passkeys

[DigitalPoint] Security & Passkeys 1.1.8

No permission to download
Overview Updates (15) Reviews (6) History Discussion
cloudpro said:
Having issues with the Authy App where when trying to verifiy adding the 2FA with the generated code I get the message:-

The two-step verification value could not be confirmed. Please try again.
Click to expand...
Authy app (iPhone) had issues with the QR code for my site... and I went around and around with them and they eventually said that they fixed it.

xenforo.com

XF 2.2 - Authy & 2FA "Token format invalid"

When trying to use Authy with the Google open source generated QR code, I'm getting this. Google Authenticator and 2FA Authenticator (on my iPhone and my iPad) work fine. The QR code here works fine with Authy also. I do have several of Xon's add-ons installed, but I disabled them and the...
xenforo.com xenforo.com

I kicked Authy to the curb and now use the YubiKey app and 1FAS Auth (which backs up to iCloud).
 
Hi @digitalpoint

I am receiving errors when I trying to verify my passkey but it’s showing this error

The two-step verification value could not be confirmed. Please try again.

IMG_0284.webp
IMG_0074.webpIMG_0279.webp

also I am not receiving any errors in adminCP and I am using iOS Safari and iPadOS Safari

also sometimes this happens on edge!
 
Have you tried dropping down to a more reasonable level of trusting the device.. you know, a more standard 30-90 day period?
 
Well, I’d say the best thing to do would be to test a passkey from a test account. Then you can at least see if it’s specific to the server or the user.
 
Another thing you may want to test if you can is to add a second passkey to the same account and see if that one works (maybe it’s something about that individual passkey somehow).
 
Just thought of something else you could check... if you have something that could be altering the network request before it hits your server, that could be an issue too. Some suspects:
  • browser extensions/ad blocker
  • something like Cloudflare and you have it's "security level" cranked up
  • mod_security (or something similar) installed with your server
Long story short is there is a JSON payload that needs to make it to your server, so if you have something that is looking for anything that might look "suspect" and blocking/altering it, it's going to break the underlying function.
 
digitalpoint said:
Is it specific to a single account (do you have a test account you could test it on)?
Click to expand...
It’s looks like it’s all the account if you enabled security passkey when using apple passkey! I have test it on GameNet account and administrator account still showing the same error!

digitalpoint said:
browser extensions/ad blocker
Click to expand...
I do use ad-blocker as I am not a big fan of scams and misleading ad but its still showing me the error!

digitalpoint said:
something like Cloudflare
Click to expand...
I don’t use Cloudflare at the moment and but I do have plans to enable in the future!

digitalpoint said:
mod_security (or something similar) installed with your server
Click to expand...
I have already turned off Mod Security but its still showing the same error!
IMG_0287.webp

digitalpoint said:
something similar) installed with your server
Click to expand...
I have just already tried to disable all add-on except your security add-on and its still showing the same error!

IMG_0288.webp
I am not sure what’s going on!
 
Maybe try deleting the passkey and readding after you disabled things like mod_security. I suppose it’s possible the passkey info was kicked by something during the process that saves it when you set it up.

FWIW, I just went through the process with an iPhone Passkey (saved to iCloud), and creation worked as expected and I was able to log out and back in (and authenticate with it) without any issues. Tried it just now…
 
digitalpoint said:
FWIW, I just went through the process with an iPhone Passkey (saved to iCloud), and creation worked as expected and I was able to log out and back in (and authenticate with it) without any issues. Tried it just now…
Click to expand...
Have you test this on XenShop
 
its not working on my side

here a video what’s I meant

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.
 
You must log in or register to reply here.

Similar threads

D
[DigitalPoint] Security & Passkeys - Polish translation
Replies
1
Views
451
dave3
D
N
[DigitalPoint] Security & Passkeys - FRENCH translation
Replies
5
Views
513
Ozzy47
Ozzy47
Top Bottom