Having trouble with MFA using Yubikeys

System
System Member Posts: 257 Moderator Moderator
edited April 23 in Accounts Hosted

Comments

  • ComputerAmbulance
    ComputerAmbulance Member Posts: 8 Reckoner Reckoner

    We are having issues with using 2FA. We go through the setup and activate it but when you log back in and it askes for the six digit code the page just freezes and you can't click to accept or enter key does not work either. However if I login through my phone the six digit code is accepted. We have tried several computers and they all have the same effect and different browsers. We are using Yubikeys for generating our codes.

  • Rav
    Rav Administrator, Reckon Staff Posts: 16,515 Reckon Community Manager Community Manager

    Hi @ComputerAmbulance

    This sounds a bit odd. Is there anything else happening on-screen when you enter the MFA code when logging in on your PC or is it just non responsive?

    Are you able you exit from that screen after it freezes?

    Which browser app are you using on your phone where it allows you to login?

  • ComputerAmbulance
    ComputerAmbulance Member Posts: 8 Reckoner Reckoner

    Everything is working as it should up until that point. The box that opens up to allow the code works as we are able to type or paste the six digit number in there but the only button that works on the box is the cancel button. We can't move on any further, this is on both Chrome and Firefox and on two different computers. However on my phone it works as it should. I am using Chrome on my phone.

  • Barbara Allen-Guthrie
    Barbara Allen-Guthrie Member Posts: 216 Reckon Star Reckon Star

    This is a worry, I am only commenting as I want to follow this thread is there a way to do that without adding my two cents?

  • Rav
    Rav Administrator, Reckon Staff Posts: 16,515 Reckon Community Manager Community Manager

    Thanks for getting back to me @ComputerAmbulance

    I just got in to the office and went through some testing to see if I can replicate what you're experiencing however it seems to be working correctly across multiple browsers and Hosted accounts.

    The difference is, I used my Google Authenticator app and SMS in my testing. I'm not familiar with YubiKey however my gut feeling is that is likely tripping things up here. Can you step me through how you setup MFA on your Hosted account with YubiKey and does it generate an MFA code on a regular interval?

    As a test, if you revoke the MFA from the Hosted account and set it up using an authenticator app such as Google or Microsoft Authenticator or even the SMS option, does it work for you?

  • Rav
    Rav Administrator, Reckon Staff Posts: 16,515 Reckon Community Manager Community Manager

    @Barbara Allen-Guthrie if you bookmark a post that you're interested in you'll receive an email notification when there are new comments posted in it.

    There's more info on this here - Bookmarking posts on the Reckon Community 🔖

  • ComputerAmbulance
    ComputerAmbulance Member Posts: 8 Reckoner Reckoner
    edited April 16

    @Rav I setup 2FA through Google Authenticator and by using SMS and have both produced the same result. I can set it up and it takes the initial six digit code but when you log back in it will not allow me to continue past the authentication box. The continue button lights up when you click on it but it does nothing. 2FA still works on my phone thankfully so I can undo it as if this was not the case we would have no access to our accounts.

    Yubikey is a hardware 2FA device that plugs into the USB port and has software that reads the QR codes off the screen to add them to the memory in the key. It then generates the six digit code. I have several other software vendors setup in my key and they all work fine instead of using Google or Microsoft Authenticators.

  • Rav
    Rav Administrator, Reckon Staff Posts: 16,515 Reckon Community Manager Community Manager

    Hmm ok that's interesting. Thanks for trying it out with an authenticator app and SMS.

    I was trying out the MFA process a few more times throughout the course of the day and seemed to work normally in all my tests.

    We might need to have our support team assist here but before that, and this might be a little left-field, but do you have any browser extensions running? Does the same behaviour occur if you attempt in an incognito browser window?

  • ComputerAmbulance
    ComputerAmbulance Member Posts: 8 Reckoner Reckoner
    edited April 16

    @Rav I setup 2FA with Google Authenticator and ran Hosted in incognito mode on Chrome and it worked as normal. I tried it with Firefox private window and it worked as well. I cleared that 2FA setting and reconnected it to my Yubikey and tested and both browsers worked ok while in incognito and private browsing.

    I then disabled all the extensions in Chrome and tried it again but unfortunately it will still not accept the six digit code even with everything turned off. My second computer has less extensions on Chrome and it still won't work on there either with extensions disabled. This is with both Google Authenticator and the Yubikey.

  • ComputerAmbulance
    ComputerAmbulance Member Posts: 8 Reckoner Reckoner

    @Rav Just checking if any further outcome with the issue having to use Hosted Accounts in incognito mode to use 2FA?

  • Barbara Allen-Guthrie
    Barbara Allen-Guthrie Member Posts: 216 Reckon Star Reckon Star

    Why has your post been locked?

    We have managed to come up with a different solution to get around the 2FA issue with multiple users using the same login. We were in the same boat as other pe

  • Rav
    Rav Administrator, Reckon Staff Posts: 16,515 Reckon Community Manager Community Manager

    Hi @ComputerAmbulance

    From what you've mentioned so far and the troubleshooting you've conducted (thank you for that by the way), my gut feeling is that its pointing to something local preventing the MFA challenge from functioning correctly rather than the overall MFA functionality itself.

    We can only support authentication via an authenticator app or SMS so putting the Yubikeys aspect aside for a moment, you've mentioned you received the same result in Chrome when trying MFA using an authenticator app/SMS, was that conducted while your browser extensions were disabled?

  • ComputerAmbulance
    ComputerAmbulance Member Posts: 8 Reckoner Reckoner

    We have tried authenticating via every means and it still will not work, with or without extensions enabled, on two different machines and different browsers, incognito mode is the only way it will work.

  • Rav
    Rav Administrator, Reckon Staff Posts: 16,515 Reckon Community Manager Community Manager

    The next step I'd suggest is having a chat with our technical support team to have a closer look and potentially kick off an remote session to observe what's happening on-screen when you get MFA setup. Please note: They will not support MFA via Yubikey but will investigate why MFA is failing when using an authenticator app/SMS as your MFA source.

    Give the team a buzz on 1300 799 150 when you've got a chance and one of our technicians will be able to assist.

  • ComputerAmbulance
    ComputerAmbulance Member Posts: 8 Reckoner Reckoner

    @Rav Just for information, I tried our login on another computer and laptop and both failed at the same location where you can't continue after entering the six digit code. I don't think is related to our office computers it has to be some incompatibly somewhere else.