1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disable Two-Step Verification (config.php)

Disable Two-Step Verification (config.php)

  1. Allan

    Allan Well-Known Member

    Allan submitted a new resource:

    Disable Two-Step Verification (config.php) - Disable Two-Step Verification (config.php)

    Read more about this resource...
  2. zoldos

    zoldos Well-Known Member

    I don't have any issue with 2 step verification. It is disabled and everything works fine.
  3. TheBoss

    TheBoss Well-Known Member

    Thanks, I hate that 2 step verification also..
  4. Chris D

    Chris D XenForo Developer Staff Member

    Don't enable it then.

    I must stress that this config switch should only be used in extreme cases whereby you have locked yourself out of the forum.

    Allan, the only way the prompt will come up for each log in is if it is configured to or if you haven't trusted the device you are using. I have 2FA enabled everywhere (including locally) and I only need the 2nd factor if I use a different machine, or the trust period has expired. Also, if you don't want to use 2FA, why have you even activated it? Just go to the Two Step page and disable it. If you haven't set it up and it is forcing you to enable 2FA then that is almost certainly a permission or configuation issue.

    If you need assistance with the configuration and it isn't working as expected, debugging that is the best thing to do - not obliterate it for no reason. You should seek assistance for that in the relevant forum.
    ManagerJosh, Divvens, rugk and 2 others like this.
  5. Mike

    Mike XenForo Developer Staff Member

    I would reiterate what @Chris D said, with an extra emphasis: if you are receiving a prompt requiring your to enable 2FA, run analyze permissions to determine if the permission has been enabled and where. This permission is never automatically enabled so it should only occur if you have explicitly (if accidentally) enabled it. If you're sure you didn't do that (or you can't find where the permission has been enabled from), we want to know about it to try to debug it.
  6. zoldos

    zoldos Well-Known Member

  7. Fred.

    Fred. Well-Known Member

    I notice that 95% of the admins that want to disable Two-Step Verification don't know how it works. And apparently they don't want to spend 5 minutes to find out how it works to make their forum more secure for all their members.
    They don't know you don't have to use it if you don't want to use it. It's Optional. That means everyone can choose if they want to enable it or not.

    You don't have to use it yourself if you don't want, but for god's sake don't disable the whole Two-Step Verification for everyone!

    If you disable Two-Step Verification your not worth the name "admin"! (n)
    And I'm pretty sure more people here think the same.
    rugk, zoldos and Zynektic like this.
  8. Zynektic

    Zynektic Well-Known Member

    I cannot agree more Fred.!

    Just because some users do not like it...they do not need to activate it and count as a whole. If you disable it as the site owner just because it bugs you then you are putting your members at risk by not allowing them security.

    Whilst I can understand some people may do it by -accident- that being, not sure what they are doing such as an elderly person so enabling it and can lock themselves out, you can resolve it quickly and you should make a post of some form explaining the feature and how it benefits them in the first place.
    rugk and Fred. like this.
  9. PASS

    PASS Active Member

    Is there a switch for that?
  10. whynot

    whynot Well-Known Member

  11. zoldos

    zoldos Well-Known Member

    Yes, it is easily disabled via user group permission.
    PASS likes this.
  12. Question guys,

    I have disabled it everywhere that I can find it.
    Yet, it still asks for the email confirm at log in, then asks for it again at admin panel

    I have went thru all group permissions disabling it for now,
    Have went thru current users and disabled it for now,

    New setup, just trying to get stuff built on the admin side, and it continues to ask for that verification as I move around

    Please advise,
  13. zoldos

    zoldos Well-Known Member

    I'm not exactly sure what you mean here. "E-mail confirm"? Is it asking you to enter a code from your mobile device?
  14. Brogan

    Brogan XenForo Moderator Staff Member

    I have responded to your ticket concerning 2FA but this doesn't sound like it is related to that.

    It sounds to me like you are being logged out, possibly due to your IP address changing and/or server configuration.
    Steve F and zoldos like this.
  15. Thanks guys,

    By email confirm, that is the 2nd part of the 2 step I am referring to, sorry. Where by email it sends the activation code.

    Thank you, but I am on a fixed IP.

    Let's ask a different question that was referred to earlier in this thread, as I appreciate the why regarding the 2 step.

    "Is it possible to turn off the 2 step for Admin/Moderator personnel?" or is that a program requirement?

    I appreciate that members can opt in and out, but can Admin opt in and out of it? Reason I ask, is even with all boxes unchecked, it still requires the 2 step, or it will provide a message that states 'must have 2 step enabled to view x' as I move around as logged in admin.

    Thanks again!
  16. zoldos

    zoldos Well-Known Member

    As far as I know, 2 step verification can easily be enabled/disabled via usergroup permission. If not, you may have a buggy install.
  17. Hi guys and thanks for the help,

    I went with the nuclear option to start, ie remove it, until I had time to mess with it any further.
    Was building and setting up the website and noticed other curious things.

    One of the first things I had done was setting the permissions for the different member levels. Yet, not following the manual, I had areas in 'registered users' for instance checked as 'never' rather than 'not set/no'. When I had those set in the never category, there were no mod tools under thread tools. When I read the manual regarding permissions, went back and reset the permissions to include the 'not set/no', then the mod tools appeared and so on. Effectively, I ran into the situation where the 'never' category was affecting other items unrelated to the item being set to 'never' on the website. So that was my bad there. The laws of unintended consequences and all that.

    Then I started wondering if that was why the issues were occurring on the 2 step. When I get more time, I will reinstate the 2 step, then check to see that it is operating as intended and earlier stated by others.

    Thanks again guys,

    Much appreciate the assist,
  18. loadeddiper

    loadeddiper New Member

    Wait so like this?

    <?php $config['enableTfa'] = false;

    $config['db']['host'] = 'troll';

    $config['db']['port'] = 'troll';

    $config['db']['username'] = 'troll';

    $config['db']['password'] = 'troll';

    $config['db']['dbname'] = 'troll';

    $config['superAdmins'] = '2';
  19. zoldos

    zoldos Well-Known Member

    What? lol
  20. Agree! But it works ..... changed settings and removed the line.

Share This Page