• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 Two Step Verification Shows Up - How to Turn it Off

nassella

Active member
#1
Suddenly this showed up

"You must enable two-step verification to continue.

Two-step verification increases the security of your account by requiring you to provide an additional code to complete the login process. If your password is ever compromised, this verification will help prevent unauthorized access to your account."

I don't know if I accidentally turned it on but can someone tell me how to turn it off?
 

Brogan

XenForo moderator
Staff member
#2
You can disable it in your account preferences, it may also be set in the user groups permissions (Require two-step verification), and there is also an option to force it when accessing the ACP.
 

Liam W

Well-known member
#4
It's not that. That message is shown when permissions are set to force enabling of Tfa.

One of your user groups has the force Tfa permission active.

Did you grant all permissions on your admin user group?

Liam
 

nassella

Active member
#5
It's not that. That message is shown when permissions are set to force enabling of Tfa.

One of your user groups has the force Tfa permission active.

Did you grant all permissions on your admin user group?

Liam
I had it "not set" for admins - but have turned it to "never" now there and for registered users. I will check mods
 

Brogan

XenForo moderator
Staff member
#7
We have seen many, many cases of sites being compromised and damaged (sometimes irreparably) due to administrators not having 2FA enabled and their log in credentials being the same on numerous other sites which have been hacked and leaked online.

It is particularly problematic amongst the minecraft and gaming communities.

You should actually consider forcing 2FA for administrators, rather than setting it to never.
 

nassella

Active member
#8
Will do.
We have seen many, many cases of sites being compromised and damaged (sometimes irreparably) due to administrators not having 2FA enabled and their log in credentials being the same on numerous other sites which have been hacked and leaked online.

It is particularly problematic amongst the minecraft and gaming communities.

You should actually consider forcing 2FA for administrators, rather than setting it to never.[/QUOTE