Authy 2FA tokens stopped working

**Operating system: CentOS
**OS version: 8.2

Authy 2FA stopped working presumably after today’s update. By removing 2FA from a couple Webmin files I was able to login the normal way. Next I added my API key again, re-enrolled the user without errors and still the token can’t be authenticated. I notice the token form now loads separately from the user/password form and assume there was a change. It’s not an Authy problem because a couple other logins are working.

I don’t know about any changes in this area, I’ll have to check in with @Ilia or Jamie.

But, I do know there is a webmin command to disable 2FA, for occasions where something goes wrong with your second factor.

# /usr/libexec/webmin/bin/webmin disable-twofactor --help
Usage:
    disable-twofactor --user username

Options:
    --help, -h
        Print this usage summary and exit.

    --config, -c
        Specify the full path to the Webmin configuration directory.
        Defaults to "/etc/webmin"

    --user, -u
        Name of the user to disable two-factor authentication for.

(I’m not sure why webmin isn’t added to the path, yet, I thought we’d gotten that sorted…but, you can call it with the full path to the command in /usr/libexec/webmin/bin or /usr/share/webmin/bin.)

1 Like

I reckon the webmin commands do what I did to /etc/webmin/miniserv.conf and /etc/webmin/miniserv.users. I’ll experiment with that. The cli is way easier and I should explore it more often. Thanks!

Yes, unfortunately there was a bug which has been fixed with Webmin 1.961. We have few fixes to make before we make it official, and it can be added to Virtualmin repos.

The problem was caused by not escaping existing password correctly, so any passwords containing special chars would fail, unless the patch is applied.

1 Like

Thanks @Ilia and @Joe, it’s working after applying the patch.

This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.