Keyboard Shortcuts
ctrl + shift + ? :
Show all keyboard shortcuts
ctrl + g :
Navigate to a group
ctrl + shift + f :
Find
ctrl + / :
Quick actions
esc to dismiss
Likes
Search
Enter Your Two-Factor Authentication Code
#login
Hi All,
A member of our group recently got a new iPhone and when she tries to log into the group the gets the above request. She has also tried this on her Mac & iPad with the same results. I've not encountered this before and don't have a problem logging in on my iPhone 8, yet I do not own any other ios devices. Is there something set within ios? She is certain that she is using the correct password. She receives group emails and can reply. I'm considering deleting her account and adding her back, under a different email. Before I do that, I wonder if there could be something she set to create this problem or if there is something within groups.io that I'm unaware of? Take care and Be Safe, Paul, Ohio, USA |
On Fri, Apr 17, 2020 at 09:45 PM, Paul Ohio USA wrote:
I wonder if there could be something she set to create this problem or if there is something within groups.io that I'm unaware of?2FA is not something I have used on Groups.io but from the screenshot you included it is Groups.io's own 2FA that she is encountering, and that being so it is something that she herself has set up under her Account; it is not a group - level function. It can be found via Account > Security, and it is not something that you can change for her. Chris |
On Fri, Apr 17, 2020 at 09:45 PM, Paul Ohio USA wrote:
I'm considering deleting her account and adding her back, under a different email.2FA is at her account level so you wouldn't be able to delete that. You could remove her from your group and add her back in with a different email but that would be using a different account. If the alternative email address has not previously been associated with Groups.io it would create a new account at that point. See the Members' Manual section about accounts in the help centre for more details. Andy |
On Sat, Apr 18, 2020 at 12:44 AM, dave w wrote:
For anyone using basic functions of a phone 2FA is overkill anyway.It can easily be argued that 2FA is not overkill given the greater likelihood of a 'phone falling into the wrong hands? compared with a desktop or laptop. That it has been 'deemed' necessary by the tech company is only due to the less than knowedgeable use of devices.I rather doubt if "the tech company" (which one, BTW?) deemed anything necessary; using Occam's Razor the more likely origin of this problem is the end user herself who may have set it inadvertently. Chris |
On 2020-04-17 at 2:03:59 PM, chrisjones12 via groups.io <chrisjones12@...> wrote:
2FA is not something I have used on Groups.io but from the screenshot youEven Groups.io support will refuse to change those settings if you were to open a support request. From the Account > Security page that Chris mentioned: Groups.io Support cannot restore access to accounts with two-factorNotice, however, the mention of "recovery codes". When 2FA was enabled for the account in question, 10 recovery codes were generated. Each code can be used to fill in the 2FA prompt once. I'd ask this member if they have the recovery codes around somewhere (e.g., a printout, in a password manager). If they have the codes, they can use one of the codes to log in and disable 2FA. From your summary, I assume that they won't want to re-enable 2FA. They _can_ re-enable it, if they want to. Note that if they do, I suspect that the existing recovery codes will no longer work and that a new set of 10 will be generated and will need to be stored safely. You may also want to have them check if they're logged in on another device already. (E.g., a different machine in the house, a work machine) If they are already logged in, they could try to get the current recovery codes or to disable 2FA for the account. Here's what Account > Security > Two-factor Recovery Codes has to say about them: Recovery codes can be used to access your account in the event you lose Treat your recovery codes with the same level of attention as you would-- Christopher W. <lists@...> |
On Sat, Apr 18, 2020 at 12:25 PM, Christopher Warrington wrote:
Even Groups.io support will refuse to change those settings if you were toThat would appear to be at variance with what is written in the new Members' Manual: section 4.4.5 (pages 19 & 20 of the pdf version) states: Note: If the authentication code is lost (for example, if a device is reset to factory settings), you will need to contact Groups.io Support to be able to log in. (Another note a little above that reads: Important: Once you enable two-factor authentication, you will not be able to log in to Groups.io through a social login (Google or Facebook) or by using the Groups.io function to email you a link to log in.) Perhaps it's a case of 2FA at your own risk..! Chris |
On 2020-04-18 at 5:17:52 AM, Chris Jones via groups.io <chrisjones12@...> wrote:
Perhaps it's a case of 2FA at your own risk..!Agreed! 2FA is not for everyone in every situation. If it helps others, here's how I mitigate such risks (the trade-offs that I make) so I can get the benefits of 2FA: When I configure 2FA on an account, I print out two copies of the QR code/shared secret and the recovery codes. I keep one copy in a file folder at home and one in my safe deposit box. If I lose access to my 2FA device, I can scan the QR codes on another device. My threat model include fires, random hackers on the Internet (mostly credential leaks/stuffing), a mild amount of targeting hacking, and my incapacitation. It does not include family members, lawsuits & the like, or someone willing to break in to my house/safe deposit box and carefully steal my 2FA backups. -- Christopher W. <lists@...> |
On 2020-04-18 at 5:17:52 AM, Chris Jones via groups.io <chrisjones12@...> wrote:
That would appear to be at variance with what is written in the newNice find. I've written a quick note about this inconsistency to [email protected] [1]. [1]: -- Christopher W. <lists@...> |
Thanks to all who replied.
I was finally able to figure out what happened. She set up the 2FA using her old phone, which she no longer has and doesn't have the codes. I removed her membership from the group and added her under a new email. I don't believe that she did this on purpose and wasn't real certain of the details. She doesn't care about having an unused groups.io identity floating around. I was not aware of the 2FA so tried it with my backup ID for one of my groups. I couldn't get it so work gave up. It is not clear on how to get this to work or the possible negatives for those not aware of what they may be doing. Again, Thank you Paul, Ohio, USA |
to navigate to use esc to dismiss