FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Investigating 2FA failures

    Scheduled Pinned Locked Moved Solved
    Q&A
    1
    2
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      What is the best way to troubleshoot 2FA failures?

      If a user enters a code they received on SMS or use a TOTP code, and FusionAuth still says invalid code, how can we troubleshoot the issue?

      I don't see any webhooks and there aren't a ton of event logs.

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        Currently FusionAuth does not provide additional logging or events for a failed 2FA login.

        There are two reasons that a 2FA code would be considered invalid (assuming the code was valid at one point in time):

        • Expiration. You can control the duration of these codes in the Advanced tab of the edit tenant page by adjusting the external identifier duration for Two-Factor login
        • Another code requested. A user is only allowed one active 2FA code at a time, so if there is a situation where another 2FA code is requested, the other code would be invalidated.

        It'd be good to see if you can narrow down the situation where the invalid code method is received to one of those, which may help troubleshoot the root cause.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • danD dan has marked this topic as solved on
        • First post
          Last post