XF 1.5 Here is my story...

[Chris57]

I have the 2 step activation thing... It is on my staff account. I got a new phone which made me lose the verification app and code generator... How do I get the backup code or get back the generator?

 

[Kevin]

The app is available for Android, iOS, and Blackberry -- Assuming your new phone is one of them, have you installed the app and logged into the app using the same account?

Nevermind, I'm likely wrong.

 

[Paul B]

You should have saved the backup codes before replacing your phone.

You can disable it in config.php using:

$config['enableTfa'] = false;

Make sure you delete that after regaining access to your account.

 

[Chris57]

The app is available for Android, iOS, and Blackberry -- Assuming your new phone is one of them, have you installed the app and logged into the app using the same account?

How do I even log into my account for the app?

 

[Chris57]

You should have saved the backup codes before replacing your phone.

You can disable it in config.php using:

$config['enableTfa'] = false;

Make sure you delete that after regaining access to your account.

Please note I lack intelligence for anything involving code or programming.

 

[Paul B]

That is your only option for regaining access to your account.

 

[Chris57]

That is your only option for regaining access to your account.

Can you please tell me what 2 do?

 

[Paul B]

Edit the library/config.php file as explained above.

 

[Chris57]

Edit the library/config.php file as explained above.

I am severely dumb... Step one?

 

[Paul B]

I suggest employing the services of a sysadmin if you lack even the basic knowledge to edit a file.

 

[Chris57]

I suggest employing the services of a sysadmin if you lack even the basic knowledge to edit a file.

No need to get agitated... Can you please explain to me what I should do.

 

[Martok]

1. Use an FTP program to download the config.php file which is found in the library folder of your XenForo installation.
2. Edit the file using a program such as Notepad++ (do not use Notepad in Windows)
3. Add the code that Brogan gave you, then save the file
4. Upload the config.php file back to the library folder

 

[Kevin]

How do I even log into my account for the app?

From the perspective of an Android phone user...

Your phone is typically associated to an account (usually a Gmail account) that you are logged into. When the app is installed on an Android phone the logged in account on the phone is used (or you can choose a different account if you have multiple accounts configured but most people would have one account). When you create new verification codes within the Google Authenticator app it is associated to the account that was selected (or defaulted for most people as most people would only have one account on their phone). On your new phone if you associated the same account (again, for Android users it'd typically be a Gmail account) to the phone and then installed the Google Authenticator app again then I *think* that your previously configured verification accounts should appear.

There is no web interface for Google Authenticator, only the phone apps. If you can't get to the app settings then your only alternative is to disable the 2FA option in XenForo itself as @Brogan and @Martok have described.

Nevermind, I'm likely wrong.

 

[Jeremy P]

@Kevin Are you sure? I don't use the Google Authenticator app anymore, but that certainly wasn't the case last I used it. And it seems like a security concern to have the 2FA secrets stored online and tied to a particular service.

 

[Kevin]

@Kevin Are you sure? I don't use the Google Authenticator app anymore, but that certainly wasn't the case last I used it. And it seems like a security concern to have the 2FA secrets stored online and tied to a particular service.

I missed a step, you need to identify the phone is being migrated but, yes, you can migrate your settings to a new device.

http://www.cnet.com/how-to/how-to-move-google-authenticator-to-a-new-device/

Nevermind, I'm likely wrong.

 

[Jeremy P]

Those instructions are for moving your Google account 2FA to a new phone, it doesn't include any external services. I've used it quite a few times myself, it's functionally the same as this page in XenForo.

In either case, with both Google and XF, you have to be able to login to the account to make the change, which you would do either by signing in from a trusted device or using a backup code.

 

[Kevin]

Those instructions are for moving your Google Account 2FA to a new phone, it doesn't include any external services.

If/when I lose/replace my phone I'll let you know how it went. In the interim XF admin's can simply disable 2FA pretty easily in a worst case scenario.

 

[Jeremy P]

As per my edit, I've replaced 3 phones over the course of using 2FA. Google doesn't sync the 2FA secrets with your account, and if it did I would use a different app because that seems unwise for security purposes.

From the article you linked:

I don't wish to be rude or anything, just trying to clarify. @Chris57 would have to use the config.php flag to restore access to his account if he can't log in.

 

[Kevin]

OK

 

[Robust]

I suggest employing the services of a sysadmin if you lack even the basic knowledge to edit a file.

You made my day.