Yesterday's update reset MFA status for everyone
Today I signed in with username + password, then entered MFA code on the next screen as usual. Even though I just used an MFA code, on the next screen I was prompted to set up MFA, which I did.
Yet when I log out and in again, my originally set up MFA is still working. The newly set up MFA also works.
Checking Org/Users, whatever update DNSfilter rolled out yesterday it has “removed” MFA from everyone, but not really.
And of course there is no way to check under my profile what authenticator are attached to my account. So I don't know if I'm safe to remove the original authenticator or the new one?
-
Official comment
AB and Theodore Van Iderstine , Thank you for your post and comment. We understand the frustration and potential inconvenience this may have caused, and we sincerely apologize for any disruption to your experience.
We want to assure you that we are actively working on refactoring and improving our MFA process to better align with our future business needs and to provide a more robust and seamless security experience.
During the development of these improvements, we encountered an issue while synchronizing user metadata between our Auth0 tenant, which serves as the central source of truth, and our database. This synchronization problem unfortunately led to some users being prompted to set up MFA again.
We understand that this may have been confusing, and we want to clarify that Auth0's capabilities allow for multiple MFA configurations and the potential to prompt for setup even if it was previously enabled.Importantly, if you were affected by this, no further action is required from your end. The system has been corrected, and your security settings should now be as expected.
To your second question, Theodore, our help center and app are currently not the same login system: the app 2FA does not impact the ability to sign in and post in our Community at this time.
We are taking thorough steps to prevent similar incidents from occurring in the future. Our team is reviewing the synchronization process and implementing more robust safeguards to ensure data integrity and a smoother user experience during future updates.
We appreciate your understanding and patience as we continue to enhance our systems. Your security remains our top priority, and these improvements are aimed at providing a more secure and reliable platform for everyone.
-
I haven't reset 2fa on my account and your website is prompting me to enable 2fa, even though i just logged in using 2fa.
What's going on?
2nd question is how am I able to sign in here an post this without having updated 2fa on my account?
0
Please sign in to leave a comment.
Comments
2 comments