• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 Here is my story...

#1
I have the 2 step activation thing... It is on my staff account. I got a new phone which made me lose the verification app and code generator... How do I get the backup code or get back the generator?
 

Kevin

Well-known member
#2
The app is available for Android, iOS, and Blackberry -- Assuming your new phone is one of them, have you installed the app and logged into the app using the same account?

Nevermind, I'm likely wrong. :barefoot:
 
Last edited:

Brogan

XenForo moderator
Staff member
#3
You should have saved the backup codes before replacing your phone.

You can disable it in config.php using:
PHP:
$config['enableTfa'] = false;
Make sure you delete that after regaining access to your account.
 
#5
You should have saved the backup codes before replacing your phone.

You can disable it in config.php using:
PHP:
$config['enableTfa'] = false;
Make sure you delete that after regaining access to your account.
Please note I lack intelligence for anything involving code or programming.
 

Martok

Well-known member
#12
  1. Use an FTP program to download the config.php file which is found in the library folder of your XenForo installation.
  2. Edit the file using a program such as Notepad++ (do not use Notepad in Windows)
  3. Add the code that Brogan gave you, then save the file
  4. Upload the config.php file back to the library folder
 

Kevin

Well-known member
#13
How do I even log into my account for the app?
From the perspective of an Android phone user...

Your phone is typically associated to an account (usually a Gmail account) that you are logged into. When the app is installed on an Android phone the logged in account on the phone is used (or you can choose a different account if you have multiple accounts configured but most people would have one account). When you create new verification codes within the Google Authenticator app it is associated to the account that was selected (or defaulted for most people as most people would only have one account on their phone). On your new phone if you associated the same account (again, for Android users it'd typically be a Gmail account) to the phone and then installed the Google Authenticator app again then I *think* that your previously configured verification accounts should appear.

There is no web interface for Google Authenticator, only the phone apps. If you can't get to the app settings then your only alternative is to disable the 2FA option in XenForo itself as @Brogan and @Martok have described.


Nevermind, I'm likely wrong. :barefoot:
 
Last edited:

Jeremy P

Well-known member
#14
@Kevin Are you sure? I don't use the Google Authenticator app anymore, but that certainly wasn't the case last I used it. And it seems like a security concern to have the 2FA secrets stored online and tied to a particular service.
 

Kevin

Well-known member
#15
Last edited:

Jeremy P

Well-known member
#16
Those instructions are for moving your Google account 2FA to a new phone, it doesn't include any external services. I've used it quite a few times myself, it's functionally the same as this page in XenForo.

In either case, with both Google and XF, you have to be able to login to the account to make the change, which you would do either by signing in from a trusted device or using a backup code.
 

Kevin

Well-known member
#17
Those instructions are for moving your Google Account 2FA to a new phone, it doesn't include any external services.
If/when I lose/replace my phone I'll let you know how it went. In the interim XF admin's can simply disable 2FA pretty easily in a worst case scenario.
 

Jeremy P

Well-known member
#18
As per my edit, I've replaced 3 phones over the course of using 2FA. Google doesn't sync the 2FA secrets with your account, and if it did I would use a different app because that seems unwise for security purposes.

From the article you linked:



I don't wish to be rude or anything, just trying to clarify. @Chris57 would have to use the config.php flag to restore access to his account if he can't log in.