• Resolved Paddy Landau

    (@paddy-landau)


    Having 2FA is great, but there are two problems with the setup.

    1. If I lose my phone or my phone fails, I’ve lost my 2FA. I can use the backup code to get in, but how do I see the QR code again in order to set up a new phone?

    2. I need the actual secret key rather than a QR code, because I put this into a password manager. I can get the key by reading the QR code with a QR code reader, but it would be much easier to display the key under the QR code (as other websites do). (If I had this option, it would be easy for me to fix problem 1.)

    Thank you.

  • Plugin Author Elena Chavdarova

    (@elenachavdarova)

    Hello @paddy-landau,

    Thank you for the valuable feedback. We will work on the 2FA optimization suggested and will reply back here when a new version is released including it.

    Best Regards,

    Elena

    Thread Starter Paddy Landau

    (@paddy-landau)

    Thank you, Elena.

    Has there been a fix for this yet?

    Thread Starter Paddy Landau

    (@paddy-landau)

    @javilabbe — No, it hasn’t. If you have the plugin installed, just go look at your user profile, and you’ll see — or, rather, you won’t see!

    @elenachavdarova promised to post here once it’s fixed.

    @paddy-landau

    Hahahaha! I get it… I was able to remove the plugin, in the past. Then I used MyPHP to deactivate all plugins. Worked before, but now all of a sudden, no such luck!

    Why is this thread showing resolved? If it’s really not. I’d consider this unresolved.

    I might try again, by creating another admin account. Maybe the app will allow me to register via Google Authenticator. Then delete my original admin account. Remove it from the database and recreate? I’ll let you know…

    Have a great weekend

    @paddy-landau and @elenachavdarova

    It worked!

    1. Created a new administrator account, under a different Gmail account.
    2. Log into new admin account.
    3. Turned on 2FA via SG Security Login settings
    4. Logout and Log back in to activate Authenticator QR code.
    5. Copy backup codes.
    6. Turn off 2FA
    7. Demote previous administrator account to something else.
    8. In a different browser, login to demoted account. If it works, log back out.
    9. Log into new admin account and turn on 2FA.
    10. Test to confirm the app is working – corroborate backup codes match.
    11. Log out of everywhere and delete demoted (previous admin) account – allocate data to new admin account.
    12. Test site to confirm everything is working.
    13. Recreate your Admin Account. The login 2FA will work again! Scan QR Code and add to your 2FA app.

    Worked for me.

    Thanks and good luck!

    Thread Starter Paddy Landau

    (@paddy-landau)

    @javilabbe — That’s quite a process! I managed to figure it out without having to delete your user.

    Delete the existing key for a user

    Take a full backup of your database beforehand in case you mess up, but if you do this carefully, it should be fine.

    Go to phpMyAdmin or whatever database tool you use.

    1. Find the user’s ID:
      SELECT ID FROM wp_users WHERE user_login = '[username]';
    2. Find the user’s 2FA record (this step is optional, but it helps to check that you have the right details):
      SELECT * FROM wp_usermeta WHERE user_id = [userid] AND meta_key LIKE 'sg_security%';
    3. Delete these rows:
      DELETE FROM wp_usermeta WHERE user_id = [userid] AND meta_key LIKE 'sg_security%';
    4. WordPress back end > SG Security > Login Security > Two-factor authentication > turn off and then turn on again. (I don’t know why this step is needed, but it’s safe: it won’t clear the 2FA for any other user.)
    5. Log out and log in again.

    To find the secret key so that you have a backup

    When you log in again, SG Security presents you with a new QR code.

    Use a QR code scanner to see the details. (I have Android with Google’s camera, and it comes with a QR code scanner.) The result looks like this:

    otpauth://totp/https://[domain] ([email])?secret=[secretkey]

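The URI shape shown in the reply above, parsed to recover the secret key and to compute the current code so a stored backup can be checked against the authenticator app. This is an added example, not part of the thread or the plugin's code. The domain, e-mail address and secret are constructed sample values (the secret is the RFC 6238 test key), and SHA1, 6 digits and a 30-second period are assumed when the URI does not state them.

```python
import base64, hmac, struct, time
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample in the shape shown above; the secret is the RFC 6238 test key.
SAMPLE_URI = ("otpauth://totp/https://example.com (admin@example.com)"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

def parse_otpauth(uri):
    """Split a scanned otpauth://totp URI into label, key bytes and TOTP parameters."""
    parts = urlsplit(uri.strip())
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("not an otpauth://totp URI")
    params = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    # Password managers and scanners may show the key lower-cased, grouped or padded.
    secret = params.get("secret", "").replace(" ", "").replace("-", "").upper().rstrip("=")
    if not secret:
        raise ValueError("URI carries no secret parameter")
    try:
        # Base32 input must be a multiple of 8 characters; QR payloads usually omit padding.
        key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    except ValueError as exc:
        raise ValueError("secret is not valid Base32") from exc
    return {
        "label": unquote(parts.path.lstrip("/")),
        "secret": secret,
        "key": key,
        "algorithm": params.get("algorithm", "SHA1").lower(),  # assumed default
        "digits": int(params.get("digits", 6)),                # assumed default
        "period": int(params.get("period", 30)),               # assumed default
    }

def totp(entry, at=None):
    """RFC 6238 code for a parsed entry at Unix time `at` (default: now)."""
    counter = int(time.time() if at is None else at) // entry["period"]
    mac = hmac.new(entry["key"], struct.pack(">Q", counter), entry["algorithm"]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** entry["digits"]).zfill(entry["digits"])

if __name__ == "__main__":
    entry = parse_otpauth(SAMPLE_URI)
    print(entry["label"], entry["secret"], totp(entry))
```

If the code printed for a stored secret matches the one the phone app shows at the same moment, the backup is usable for enrolling a replacement device.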
    Plugin Author Elena Chavdarova

    (@elenachavdarova)

    Hello @paddy-landau,

    We have just released a new version of the plugin with 2FA reset per user functionality. Additionally now the secret key and QR code are listed in the user profile page.

    You can update the plugin to verify the results on your end.

    Best Regards,
    Elena

    Thread Starter Paddy Landau

    (@paddy-landau)

    Perfect! Thank you, @elenachavdarova

  • The topic ‘How do I see the QR code again?’ is closed to new replies.