Google Authenticator 2FA enabled; Secret Key not required upon login

Need help with the Administration of your Joomla! 3.x site? This is the spot for you.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
xen
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sun Nov 30, 2008 5:58 pm

Google Authenticator 2FA enabled; Secret Key not required upon login

Post by xen » Tue Jul 09, 2019 7:10 pm

Looking for guidance.

I have enabled plugin "Two Factor Authentication - Google Authenticator" for my site, and have configured it for my account - all appears to have gone over well, exactly as outlined in instructions.

Login page also now prompts for a secret key as expected - however, this field doesn't appear to be required in order to log in.

If I leave the secret key field blank - I can login with no issues.
I put in random info in the secret key field, I can login with no issues, though I do get a message: "You need to enable two factor authentication in your user profile to use the secret code field."

After logging in, I've checked on my account and 2FA does still appear to be configured.

I am wondering if I am missing something here.

Details:

  • Joomla! Version: Joomla! 3.9.9 Stable
  • Joomla! Platform Version: Joomla Platform 13.1.0 Stable
  • PHP Version: 7.1.30
  • Web Server: Apache

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 25762
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: Google Authenticator 2FA enabled; Secret Key not required upon login

Post by Per Yngve Berg » Tue Jul 09, 2019 8:11 pm

Have you set the twofactorauth plugin to "Site", "Administrator" or "Both"?

xen
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sun Nov 30, 2008 5:58 pm

Re: Google Authenticator 2FA enabled; Secret Key not required upon login

Post by xen » Tue Jul 09, 2019 9:52 pm

Hi Per, thanks for responding. I have set it for 'Both'

(Extensions > Plugins > Two Factor Authentication - Google Authenticator
Site Section: Both,
Status: Enabled)

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 25762
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: Google Authenticator 2FA enabled; Secret Key not required upon login

Post by Per Yngve Berg » Thu Jul 11, 2019 7:34 pm

It looks like the 2FA set-up for the user is not completed.


Post Reply

Return to “Administration Joomla! 3.x”