2FA fallback / account recovery?

Hello,

maybe a rather simple question: I would like to activate 2FA on my self-hosted Invoiceninja V5 instance. I am just wondering what the fallback solution would be if, e.g., my lovely smartphone, which I am going to use for 2FA token creation, gets lost. There is the standard Invoiceninja password recovery function via “provide your e-mail for password recovery”, which is part of the Invoiceninja login page. Does this still work when a user with 2FA activated has lost his 2FA app/mobile phone?

If not, is there any other workaround for this kind of user?

Kind regards,
Nobunaga

Hi,

As a workaround you could manually disable 2FA for the user by updating the database directly.

Hello,

thanks for your quick answer! Does the workaround posted by you one year ago for V4 still work with Invoiceninja V5?

update users set google_2fa_secret = null, remember_2fa_token = null where email = 'your_email';

Kind regards,
Nobunaga

I’m not sure, you’ll need to check the v5 column field names; it should be similar.
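
The check suggested above, followed by the reset, written out as an added example (not part of the original posts and not Invoice Ninja's own code). It assumes a MySQL/MariaDB backend and a table named users with an id column; the column names in step 3 are the V4 ones quoted in the thread and are unconfirmed for V5, and 'your_email' is a placeholder.

```sql
-- Added example. Take a database backup before running step 3.

-- 1. List the 2FA-related columns that actually exist on the users table
--    of the currently selected database.
SELECT column_name, data_type, is_nullable
FROM information_schema.columns
WHERE table_schema = DATABASE()
  AND table_name = 'users'
  AND (column_name LIKE '%2fa%' OR column_name LIKE '%two_factor%');

-- 2. Confirm that the e-mail address matches only the locked-out account.
--    (id is an assumed column name.)
SELECT id, email
FROM users
WHERE email = 'your_email';

-- 3. Clear the 2FA columns inside a transaction so the change can be undone.
--    Replace the column names below with the ones step 1 returned; these are
--    the V4 names from the thread.
START TRANSACTION;

UPDATE users
SET google_2fa_secret = NULL,
    remember_2fa_token = NULL
WHERE email = 'your_email';

-- Number of rows the UPDATE changed. MySQL counts only rows whose values
-- actually changed, so an account without 2FA set reports 0.
SELECT ROW_COUNT() AS rows_changed;

-- COMMIT if rows_changed matches the single account from step 2,
-- otherwise ROLLBACK.
COMMIT;
```

After the reset the account signs in with its password alone, so 2FA should be re-enrolled on the replacement device straight away.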