Two-factor authentication requires codes from all apps
Closed, Resolved · Public

Description

I was using Google Authenticator for 2FA in Phabricator and recently switched to Authy so that I can switch to a new phone easily. I configured Authy in Phabricator and it works. But today, when I tried to log in from another browser, Phabricator is asking for an auth code from two apps, as shown in the screenshot below.

image.png (351×823 px, 24 KB)

I expect Phabricator to ask for an app code from either of these, not both.
If this is expected behavior from Phabricator, I need a Phabricator admin's help to remove my Google Authenticator 2FA and just have Authy-based 2FA.

Event Timeline

To clarify: there is a remove 2FA option in the Phabricator profile settings, but that also requires my 2FA from Google Authenticator, which I don't have since I stopped using Google Authenticator. I have only Authy 2FA.

Does it not work if you just put one of them in? Does it actively require both being entered?

> Does it not work if you just put one of them in? Does it actively require both being entered?

I expected that behavior, but form submission fails and says both are mandatory. It is also shown in the screenshot as required fields.

Sounds like we just need to get @20after4 or @Aklapper to remove the additional 2FA row from the database. AFAIK, we can't do it via the Phabricator admin panel (not that I can ever find it again when I want it).

I don't have direct database access (and @mmodell probably wants to edit the username of 20after4 to say sth like "PRIVATE")

This task seems to mix "The code should be fixed to not require codes from all apps" and "Reset my personal 2FA in this instance" so we might talk about different things.

For the latter, yes we have done this before: See https://www.mediawiki.org/wiki/Phabricator/Help/Two-factor_Authentication_Resets for users and https://wikitech.wikimedia.org/wiki/Phabricator#Removing_Two_Factor_Authentication for admins.

I believe I can only remove both factors and you will then have to add Authy back.

> I believe I can only remove both factors and you will then have to add Authy back.

That is fine. I can re-enable with Authy.

@santhosh: can you edit your userpage on wikitech with something confirming that you would like 2-factor removed from your Phabricator account? This is to confirm that you are in possession of the wiki credentials as well as a Phabricator session.

> @santhosh: can you edit your userpage on wikitech with something confirming that you would like 2-factor removed from your Phabricator account? This is to confirm that you are in possession of the wiki credentials as well as a Phabricator session.

Done

mmodell claimed this task.

    These auth factors will be stripped:

    santhosh	totp	Mobile Phone App (TOTP)
    santhosh	totp	Mobile Phone App (TOTP)

    Strip these authentication factors? [y/N] y

    Stripping authentication factors...
    Done.