¿ªÔÆÌåÓý

Enter Your Two-Factor Authentication Code #login


 

Hi All,
A member of our group recently got a new iPhone and when she tries to log into the group the gets the above request. She has also tried this on her Mac & iPad with the same results. I've not encountered this before and don't have a problem logging in on my iPhone 8, yet I do not own any other ios devices. Is there something set within ios?

She is certain that she is using the correct password. She receives group emails and can reply. I'm considering deleting her account and adding her back, under a different email. Before I do that, I wonder if there could be something she set to create this problem or if there is something within groups.io that I'm unaware of?

Take care and Be Safe,
Paul, Ohio, USA


 

On Fri, Apr 17, 2020 at 09:45 PM, Paul Ohio USA wrote:
I wonder if there could be something she set to create this problem or if there is something within groups.io that I'm unaware of?
2FA is not something I have used on Groups.io but from the screenshot you included it is Groups.io's own 2FA that she is encountering, and that being so it is something that she herself has set up under her Account; it is not a group - level function. It can be found via Account > Security, and it is not something that you can change for her.

Chris


 

On Fri, Apr 17, 2020 at 09:45 PM, Paul Ohio USA wrote:
I'm considering deleting her account and adding her back, under a different email.
2FA is at her account level so you wouldn't be able to delete that. You could remove her from your group and add her back in with a different email but that would be using a different account. If the alternative email address has not previously been associated with Groups.io it would create a new account at that point. See the Members' Manual section about accounts in the help centre for more details.

Andy


dave w
 

hi
For anyone using basic functions of a phone 2FA is overkill anyway.
That it has been 'deemed' necessary by the tech company is only due to the less than knowedgeable use of devices.
Annoying alerts that I dismiss (and I'm a 30 yr veteran of Mac-devices)
regards d


 

On Sat, Apr 18, 2020 at 12:44 AM, dave w wrote:
For anyone using basic functions of a phone 2FA is overkill anyway.
It can easily be argued that 2FA is not overkill given the greater likelihood of a 'phone falling into the wrong hands? compared with a desktop or laptop.

That it has been 'deemed' necessary by the tech company is only due to the less than knowedgeable use of devices.
I rather doubt if "the tech company" (which one, BTW?) deemed anything necessary; using Occam's Razor the more likely origin of this problem is the end user herself who may have set it inadvertently.

Chris


 

On 2020-04-17 at 2:03:59 PM, chrisjones12 via groups.io <chrisjones12@...> wrote:

2FA is not something I have used on Groups.io but from the screenshot you
included it is Groups.io's own 2FA that she is encountering , and that
being so it is something that she herself has set up under her Account; it
is not a group - level function. It can be found via *Account > Security*
, and it is not something that you can change for her.
Even Groups.io support will refuse to change those settings if you were to
open a support request. From the Account > Security page that Chris
mentioned:

Groups.io Support cannot restore access to accounts with two-factor
authentication enabled for security reasons. Saving your recovery codes in
a safe place can help keep you from being locked out of your account.
Notice, however, the mention of "recovery codes". When 2FA was enabled for
the account in question, 10 recovery codes were generated. Each code can be
used to fill in the 2FA prompt once. I'd ask this member if they have the
recovery codes around somewhere (e.g., a printout, in a password manager).
If they have the codes, they can use one of the codes to log in and disable
2FA. From your summary, I assume that they won't want to re-enable 2FA. They
_can_ re-enable it, if they want to. Note that if they do, I suspect that
the existing recovery codes will no longer work and that a new set of 10
will be generated and will need to be stored safely.

You may also want to have them check if they're logged in on another device
already. (E.g., a different machine in the house, a work machine) If they
are already logged in, they could try to get the current recovery codes or
to disable 2FA for the account.

Here's what Account > Security > Two-factor Recovery Codes has to say about
them:

Recovery codes can be used to access your account in the event you lose
access to your device and cannot receive two-factor authentication codes.
Treat your recovery codes with the same level of attention as you would
your password! We recommend saving them with a password manager such as
Lastpass or 1Password. Each code can be used only once.
--
Christopher W. <lists@...>


 

On Sat, Apr 18, 2020 at 12:25 PM, Christopher Warrington wrote:
Even Groups.io support will refuse to change those settings if you were to
open a support request. From the Account > Security page that Chris
mentioned:
That would appear to be at variance with what is written in the new Members' Manual: section 4.4.5 (pages 19 & 20 of the pdf version) states:

Note: If the authentication code is lost (for example, if a device is reset to factory settings), you will need
to contact Groups.io Support to be able to log in.

(Another note a little above that reads:

Important: Once you enable two-factor authentication, you will not be able to log in to Groups.io
through a social login (Google or Facebook) or by using the Groups.io function to email you a link to log
in.)

Perhaps it's a case of 2FA at your own risk..!

Chris


 

On 2020-04-18 at 5:17:52 AM, Chris Jones via groups.io <chrisjones12@...> wrote:

Perhaps it's a case of 2FA at your own risk..!
Agreed! 2FA is not for everyone in every situation.

If it helps others, here's how I mitigate such risks (the trade-offs that I
make) so I can get the benefits of 2FA:

When I configure 2FA on an account, I print out two copies of the QR
code/shared secret and the recovery codes. I keep one copy in a file folder
at home and one in my safe deposit box.

If I lose access to my 2FA device, I can scan the QR codes on another
device.

My threat model include fires, random hackers on the Internet (mostly
credential leaks/stuffing), a mild amount of targeting hacking, and my
incapacitation. It does not include family members, lawsuits & the like, or
someone willing to break in to my house/safe deposit box and carefully steal
my 2FA backups.

--
Christopher W. <lists@...>


 

On 2020-04-18 at 5:17:52 AM, Chris Jones via groups.io <chrisjones12@...> wrote:

That would appear to be at variance with what is written in the new
*Members' Manual* : section *4.4.5* (pages 19 & 20 of the pdf version)
states:
Nice find. I've written a quick note about this inconsistency to
[email protected] [1].

[1]:

--
Christopher W. <lists@...>


 

Thanks to all who replied.

I was finally able to figure out what happened. She set up the 2FA using her old phone, which she no longer has and doesn't have the codes. I removed her membership from the group and added her under a new email. I don't believe that she did this on purpose and wasn't real certain of the details. She doesn't care about having an unused groups.io identity floating around.

I was not aware of the 2FA so tried it with my backup ID for one of my groups. I couldn't get it so work gave up. It is not clear on how to get this to work or the possible negatives for those not aware of what they may be doing.

Again, Thank you
Paul, Ohio, USA