2FA Login issue – Apple devices

Hi @rljninja, thanks for getting in touch.

I have a some further questions around the cirumstances here to fully understand the situation.

• Have you recently performed a site migration?
• Are the users who are unable to log in using a specific authenticator app such as Google Authenticator, and does it work if they try another instead like Authy?
• I take it there were no issues setting up the authenticator, but then the problem only arises when they try to log in during future attempts?
• Do their recovery codes work when the app fails, or do these stop working too?

I’m not ruling out the possibility of a plugin conflict or browser caching issue, but at this stage it’d be good to know whether anything above such as recovery codes failing was also a factor. Sometimes disabling 2FA and reenabling it can be enough to resolve issues, but if some users are not experiencing any problems at all this might not be sufficient as you’ve already described reinstalling Wordfence.

Thanks,

Peter.

Hi Peter

1. No migration – the site has been on the same server from origin

2. As far as I am aware both users are attempting to login using Google Authenticator

3. After resetting Wordfence both users are able to login normally just once, but subsequent login attempts receive ERROR: An error was encountered while trying to authenticate. Please try again.

4. There is no 2FA entry shown to enter recovery codes – login fails at the username/password entry.

One of the users has reset their Apple device, updated to latest OS and reinstalled all browsers and are still unable to login.

All other security plugins have been de-activated.

Regards
rljNinja

Update: Have tried using Authy and still have the same issue….

Another update, if the Apple users stay on the same browser tab after a successful login they can login & out with no issues – if they close the browser or try a different tab they get the ‘Error An error was encountered while trying to authenticate. Please try again’ message.
If we send a password reset they can login again. If we click the ‘Delete Login Security tables and data on deactivation’ and deactivate/reactivate the plugin they can also login again. When trying to activate 2FA they are getting a times do not match error even though the 2FA activation screen shows matching times…..

Hi @rljninja,

Thanks for the additional feedback and testing you have performed. This is an unusual issue as there are occasions when working, occasions when it’s not, and also issues with setup of 2FA. Do you have “required” set for 2FA for their user role(s) in Wordfence > Login Security > Settings?

These suggest to me that there could be a browser issue, either a Javascript conflict, browser extension or caching problems. Do the same issues arise if they try a different browser to their usual choice and/or try logging in when private browsing.

Do you by any chance have caching plugins, or caching set on your web server?

Can you also send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks again,

Peter.

• This reply was modified 3 years, 5 months ago by wfpeter. Reason: Added diagnostics request