Two-factor authentication (2FA) seems not to work

I think only someone of the @admins group can do this.

Hi Jeroen,

I’ll have a look today. :wink:

Regarding the underlying issue with 2FA: we are aware of it, and we are hoping to fix it with the next discourse update. In the meantime, the only workaround is not to use 2FA or ask for it to be disabled if you get stuck.

The update is in the backlog, we’ll let you all know when the time comes :slight_smile:


Hi Jeroen, I disabled the 2FA for your account :slight_smile:
For the time beeing, please redirect to me any users that have a similar need.


Today I also tried to setup 2FA on this forum and it still doesn’t work for me. The code for initialization was not accepted.

I tried to enable 2-factor, but the activation fails. The page claims the token is wrong.

Also I noticed, when I tried to go through the step multiple times, I always got the same base32 secret/QR code displayed, it never changed. Is that auto-generated based on email, or is it a hardcoded sidewide secret? It probably should be randomly generated every time someone (re-)activates 2-factor auth, especially in case the 2nd factor gets stolen (phone lost) being able to reset the secret would be important.


This forum still doesn’t accept any 2FA code from my authenticator app (Authy). I’ve now used one of my backup codes to log in and disable 2FA for the time being. Re-enabling 2FA doesn’t work as no auth code is accepted. @gabrieleb Any update on this matter? Thanks in advance! :slight_smile:

@kolaj, no news for the time being, sorry. Still in the backlog.



For serious? A simple security feature that could make the accounts of this forum so much more secure? My first report was in October 2018!

1 Like

My bet would be, that the forum is just an “add-on” for Fairphone and no target of highest priority.
Since 2018:
They have taken care to get the FP3 on the market on time, tweaking even the hardware (# of screws to fix the display) as late as mid 2019 (if I recall it right).
They were - at the same time - working on Android 9 for the FP2.
So, most likely, the forum was kind of neglected (and maybe 2FA was not that popular with forum users to make it really urgent?). Plus - just a possibility - this matter is not as simple and trivial as it seems?

Just a kind of explanation my imagination came up with and not meant to justify it. Honestly, I am totally undecided on this.

Better no forum, as an insecurely operated forum.
A trade-off would be to increase the requirements for password complexity.

Hey @maba007

Better no forum, as an insecurely operated forum.

This sounds a bit of an over-reaction.
Are you correct in thinking this should have been resolved already? Yes, and you have all the rights to voice your concern.
Is the forum a platform that becomes by default insecure without 2FA? I don’t think so.

A trade-off would be to increase the requirements for password complexity.

The current password limitations include:

  • Minimum of 8 characters
  • Minimum of 6 unique characters
  • A dictionary of common words that are not allowed.

I sincerely doubt the average user would need more than this once 2FA in working order. On this topic, please see below.

About the issue at hand

The IT team is working on redeploying the forum to a different host. We are working on doing a clean install and an import of the database, which should both solve some of the issues we are having and allow for easier maintenance in the future.

@BertG wrote:
Plus - just a possibility - this matter is not as simple and trivial as it seems?

Sorta. We don’t know what is causing the problem, but we don’t feel comfortable poking around with the risk of creating bigger issues at the moment. That’s why we are approaching the problem at a higher level (see above).

I hope this helps brightening the mood a bit :slight_smile:



Thanks for the clarification. :+1:

@maba007, FYI: IMPORTANT: planned forum downtime due to server maintenance


1 Like

@maba007, @kolaj, @corvuscorax, @fair2fair, @JeroenH.

You should now be able to (re)enable 2FA :wink:


I can confirm that 2FA works.


Works, thank you very much!

1 Like

Good things come to those who wait :+1: thank u!


Works like a charm, even with U2F. Thanks a lot guys, very good work!

1 Like

It works, perfect, thanks a lot!

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.