“2FA is Required” Error on Users who have Active 2FAs

  • Resolved ewitzel

    (@ewitzel)


    1 year, 1 month ago

    I have a MultiSite running the latest WordFence (7.10.5) and suddenly today I’ve had 3 users notify me that their previously-working 2FA was suddenly not working. In the Network Admin, I could see these users all had “active” 2FAs (not locked out or in grace period). On their individual settings page, I could see their QR code, recovery codes, but there was no way to for me to deactivate or reset their 2FA from my admin access.

    Eventually, I figured out how to whitelist each of their IPs to have them log in without 2FA, then instructed them to reconfigure their 2FA (/wp-admin/network/admin.php?page=WFLS). This is temporarily working.

    However, I’m worried that it’s not a permanent fix for those users and ones in the future. One user says when she goes to the link above, it still says she need to configure 2FA even after she reset it. And why does it say on my end that these accounts are “active”? Finally, I now see some users listed as “not allowed” who have been “active” for a long time. I just waiting for them to tell me they can’t log in.

    Please let me know of any paths forward to ensure my user have easy access to properly-working 2FA. Thanks for your assistance.

    • This topic was modified 1 year, 1 month ago by ewitzel.
    • This topic was modified 1 year, 1 month ago by ewitzel.
Viewing 4 replies - 1 through 4 (of 4 total)
  • phgterence

    (@phgterence)

    My team has also run into this exact same issue this week. We have a couple multisites running WordFence and we are experiencing this issue with just one of them. Seems to coincide with the 7.10.5 update.

    To add some additional context to the issue, we attempted to toggle the option for requiring 2FA for the Administrator role, setting it to Optional. This cleared the login error but now for Administrator users with “2FA Active” the 2FA code screen is bypassed entirely.

    Currently seeking a solution that doesn’t require these users to set up 2FA again.

    Plugin Support wfscott

    (@wfscott)

    Hello, @ewitzel and @phgterence

    Thanks for reporting the issue. We have a fix for this expected to be released at the beginning of the week. You can temporarily allowlist admin IPs via Wordfence > Login Security > Settings, or set the 2FA requirement to Optional for these roles in the meantime.

    Sorry for the inconvenience.

    Thanks,
    Scott

    phgterence

    (@phgterence)

    Hello @wfscott,

    Is there any update on this matter?

    Thanks,

    @phgterence

    Plugin Support wfscott

    (@wfscott)

    Hello, @phgterence

    We’ve put out an update that should have corrected the issue (7.10.6). Can you confirm if you’re still running into this on the latest version after updating?

    Thanks,
    Scott

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘“2FA is Required” Error on Users who have Active 2FAs’ is closed to new replies.