Topics

2FA recovery inconsistent on site and in manual


Christopher Warrington
 

The member manual and the Two-Factor Authentication account settings page
page do not agree on whether accounts with 2FA are recoverable or not. This
is leading to some confusion about whether a group owner should recommend
that one if their members who has lost their 2FA device needs to create a
new account or needs to contact support.

In the member manual under "Setting up two-factor authentication" [1], says
that support@groups.io can help recover an account:

Note: If the authentication code is lost (for example, if a device is
reset to factory settings), you will need to contact Groups.io Support to
be able to log in.
Contrast this with the Two-Factor Authentication account settings page [2]:

Groups.io Support cannot restore access to accounts with two-factor
authentication enabled for security reasons. Saving your recovery codes in
a safe place can help keep you from being locked out of your account.
Hat tip to Chris Jones on GMF for noticing this. [3]

[1]: https://groups.io/helpcenter/membersmanual/1/understanding-groups-io-accounts/setting-account-preferences-and-viewing-account-information
[2]: https://groups.io/account?page=security
[3]: https://groups.io/g/GroupManagersForum/message/31223

--
Christopher W. <lists@...>


 

On Sat, Apr 18, 2020 at 2:44 PM Christopher Warrington <lists@...> wrote:

The member manual and the Two-Factor Authentication account settings page
page do not agree on whether accounts with 2FA are recoverable or not. This
is leading to some confusion about whether a group owner should recommend
that one if their members who has lost their 2FA device needs to create a
new account or needs to contact support.

In the member manual under "Setting up two-factor authentication" [1], says
that support@groups.io can help recover an account:

> Note: If the authentication code is lost (for example, if a device is
> reset to factory settings), you will need to contact Groups.io Support to
> be able to log in.

Yes, via support, we can disable two factor authentication for people who did not save their backup codes and who can no longer authenticate. 

Nina, can you update the manual?

Thanks,
Mark


Christopher Warrington
 

On 2020-04-21 at 11:56 AM, Mark Fletcher <markf@corp.groups.io> wrote:
Yes, via support, we can disable two factor authentication for people
who did not save their backup codes and who can no longer authenticate.

Nina, can you update the manual?
The manual already says that support can help. It's the Two-Factor Authentication account settings page (https://groups.io/account?page=security) on the site that says otherwise.