wp-calypso icon indicating copy to clipboard operation
wp-calypso copied to clipboard
verified publisher icon Automattic

When logging into an account with 2FA enabled, inconsistent authentication options are shown

Open aditi-bhatia opened this issue 1 year ago • 4 comments

Details

When logging into an account with 2FA enabled on Web, the option to authenticate via the WordPress/Jetpack app is not always an option. When it is an option, users see this screen with both options available:

Screenshot 2024-01-30 at 2 53 01 PM

However, sometimes users only see 1 option to authenticate via their authenticator app: Screenshot 2024-01-30 at 1 31 41 PM It would be ideal to have consistency in the options available when logging in.

Checklist

No response

Related

No response

aditi-bhatia avatar Jan 30 '24 23:01 aditi-bhatia

  1. I started with just the JPiOS app logged in
  2. I could log in to a WP.com account (that has app-based 2FA enabled) by approving from the JPiOS app (success 5 out of 5 times) ✅
  3. I then logged into the JPAndroid app as well (now both apps are logged in)
  4. Now, when attempting to log in to WP.com from the browser, I wasn't offered the option to authenticate from the app ❌
  5. It then worked the next time (and I tested a couple more times and always got the notification on both apps) ✅
  6. I signed out of JPiOS and it continued working on JPAndroid ✅
  7. I signed out of JPAndroid (now I have both apps logged out) and WP.com still offered me the option to log in via a notification ⚠️ (I'm not sure if I had another device or simulator logged into the account)
  8. I signed back in to JPAndroid and WP.com no longer offerred be the option to log in via the app ❌

So, no consistent steps to reproduce yet.

guarani avatar Feb 08 '24 14:02 guarani

  1. I started with just the JPiOS app and logged in to an account with app-based 2FA enabled, enabled notifications
  2. I went to WP.com multiple times and tried to log in to this account
  3. I tried dozens of times but I was never offered the option to authenticate from the app ❌

staskus avatar Feb 08 '24 21:02 staskus

My steps:

  1. I tested with both the JP iOS and JP Android apps and logged in to an account with 2FA enabled + notifications enabled.
  2. I navigated to WP.com and tried to login to this account multiple times.
  3. I received the option to authenticate from the app a few times, but not every time. ❌
  4. On the few occasions that I did receive the option to authenticate from the app, no push notification was sent, and I was unable to authenticate using this method. ❌

aditi-bhatia avatar Feb 09 '24 00:02 aditi-bhatia

Adding to this, there is no "escape hatch" (contact support, other options, etc). Screenshot 2024-05-24 at 13 16 03

mrfoxtalbot avatar May 24 '24 11:05 mrfoxtalbot