Level 75
a next session, the user disables 2FA, later re-enables it (the tokens have changed)
Each login would be new token sent. I sign in to by doctor all the time with 2fa, I get sent a code on cell phone to enter.
Mar 18, 2021
1
Level 1
Laravel Fortify with 2FA - Email code?
Hi, I integrated Fortify in my application with two-factor authentication.
I managed to create a profile page with a dropdown to enable and disable 2FA. Say we have the following situation:
- a user enables 2FA and scans code. User must login with 2FA.
- a next session, the user disables 2FA, later re-enables it (the tokens have changed)
- user does not delete the existing entry in Authenticator and does not add it new to Authenticator
- logging in will fail because the site in Authenticator does not match with the new token, also recovery codes do not work anymore
So, the user cannot login anymore. A solution would be that te user can e-mail a 2FA-code to login. But I have no idea if this is possible to implement.
Maybe there is another workaround for this. Anyone any idea?
Please or to participate in this conversation.