Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I have TFA setup on my account, and I created a set of backup/fallback codes. But I cannot find a way to use them. I click 'Can't acces your account?" button and it just says to email help@drupal.org for assistance.
I have enabled TFA on my Drupal account but I need to be able to use my backup codes. Where I work does not allow cell phones so I rely on codes to access. I do this for all of my Google accounts.
Last thing, how can you generate new backup codes?
Comment | File | Size | Author |
---|---|---|---|
#8 | Screen Shot 2016-02-09 at 1.41.59 PM.png | 101.6 KB | hestenet |
#5 | Screen Shot 2016-02-09 at 22.32.02.png | 35.99 KB | Perignon |
#3 | Screen Shot 2016-02-09 at 22.25.11.png | 446.19 KB | Perignon |
#2 | 0fbc090b5221e7e4a41a8a170624dd6b.gif | 119.04 KB | hestenet |
Comments
Comment #2
hestenetIt's very subtle, but the field does change to let you enter recovery codes once you hit the "can't access" button
Note the text change in this gif:
Comment #3
Perignon CreditAttribution: Perignon commentedThanks for the animated gif! Thanks for going that extra mile!
Unfortunately, I do not get that option. I have tried four different browsers and three different operating systems (Chrome, Chrome Incognito, Firefox, IE, and Safari - Mac, Linux, and Windows).
I get this instead.
Maybe this is an account issue? I also cannot "turn off" TFA either. Nor can I do anything but setup a new TFA device?
Comment #4
hestenetWell that is strange.... I'm going to ask around over here.
With respect to the second part of your question:
You can view unused recovery codes or generate new ones from:
https://www.drupal.org/user/[uid]/security/tfa
Profile -> Security Tab
Which should look like:
Comment #5
Perignon CreditAttribution: Perignon commentedYeah that URL gives me this:
Comment #6
Perignon CreditAttribution: Perignon commentedFor documentation purposes:
I have re-setup TFA access. And now I can see unused codes. I am still testing access to make sure I can get back into my account with my cell phone.
Comment #7
Perignon CreditAttribution: Perignon commentedSo I am logged in right now in one browser but I cannot login in any other browser. Logging out right now I am toast.
I am getting this error when trying to login at another browser/session:
You have reached the threshold for TFA attempts. Please try again in 60 minutes.
Comment #8
hestenetComment #9
MixologicI cleared this out of the flood table, you should be able to try again.
Comment #10
Perignon CreditAttribution: Perignon commentedTrying now.
Comment #11
Perignon CreditAttribution: Perignon commentedAwesome. Confirmation!
I was able to login with my TFA from my phone. I then stared a new session and was able to use a backup code. I can also now see the backup code is no longer available to use.
Comment #12
coltraneHi, I wanted to leave some context and a link to the issue to mitigate the underlying problems.
I believe the scenario of not seeing the fallback code input form is most likely a result of not actually having any fallback codes saved for an account. While you thought you saved fallback codes you probably didn't and so TFA isn't providing you an option to input something you don't have. I may be wrong but based on similar reports like this I think it's the most likely explanation. You were presented the fallback codes during TFA but by not actually submitting that step they were not saved to your account.
TFA module should make it hard for this scenario to happen. https://www.drupal.org/node/2489470 is about TFA setup form UX and the leading suggestion is to save TFA data on each step of the setup process.
Comment #13
Perignon CreditAttribution: Perignon commentedThat could be true! Every TFA service (I use a lot of them) saves the codes once they are displayed.
But there also is the problem where I had zero management of my TFA settings when I did have it enabled. It would only prompt me to setup TFA again. So that still is another bug.