I have managed to lock myself out of Pterodactyl... I use 2FA and my phone died. I just got a replacement phone. I tried to log into Pterodactyl but it asked for my 2FA code... Well, that 2FA code was on my old phone which at that point was erased and I would not have been able to get it anyway since it was dead. Pterodactyl has no backup codes or backup methods for 2FA. I'm totally locked out. Is there a way to disable 2FA in the database?
Someone else will get into this situation and will have no way of getting into Pterodactyl. Every other site that has a 2FA feature has a backup method for a reason. Pterodactyl NEEDS one too.
I was able to get back in by creating a new user and transferring everything to my new user but that is really inconvenient.
You can disable 2fa by setting use_totp to 0 and totp_secret to NULL in table users.
2FA backup codes would be nice though ^^
I'd love it if you guys used Google Authenticator instead.
@Qasimmodo I use LastPass Authenticator which is essentially the same. Google Authenticator should work.
It does work
You can easily disable 2FA for a user using the new console command: php artisan p:user:disable-fa [email protected]
In my opinion, backup codes would still be a very useful addition, so sysadmins don't get flooded with emails.
@lancepioch That does not solve the real problem here. That solution is not good UX and can only be done by the admin.
This feature would be pretty nice. I think it is really important that it is implemented because not having access to your 2FA authenticator can happen pretty easily.
After reaching out for the Google2fa key verification we could add a check to see if there's a backup code for it and login with that instead? It seems like a pretty easy implementation in general. Just adding another table at most with a collection of backup codes.
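A sketch of the backup-code fallback proposed in the comment above, added here as an example; it is not Pterodactyl's code. The `recovery_codes` table, the function names and the code sizes are assumptions, SQLite stands in for the panel's database, and `verify_totp` is a hypothetical callable for the existing TOTP check.

```python
import hashlib
import hmac
import secrets
import sqlite3

ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # omits 0/O/1/I/L lookalikes
CODE_LEN, CODE_COUNT = 16, 8                  # assumed sizes (~79 bits per code)

def open_db():
    """In-memory stand-in for the extra table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE recovery_codes ("
               "id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, "
               "code_hash TEXT NOT NULL, used_at TEXT)")
    return db

def _digest(code):
    # Normalise what the user typed, then hash: only hashes are stored.
    cleaned = "".join(ch for ch in code.upper() if ch.isalnum())
    return hashlib.sha256(cleaned.encode()).hexdigest()

def issue_codes(db, user_id):
    """Replace the user's codes; the plaintext is returned once for display."""
    codes = ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
             for _ in range(CODE_COUNT)]
    with db:
        db.execute("DELETE FROM recovery_codes WHERE user_id = ?", (user_id,))
        db.executemany(
            "INSERT INTO recovery_codes (user_id, code_hash) VALUES (?, ?)",
            [(user_id, _digest(c)) for c in codes])
    return ["-".join(c[i:i + 4] for i in range(0, CODE_LEN, 4)) for c in codes]

def redeem_code(db, user_id, submitted):
    """True only the first time a valid, unused code is presented."""
    wanted = _digest(submitted)
    rows = db.execute("SELECT id, code_hash FROM recovery_codes "
                      "WHERE user_id = ? AND used_at IS NULL", (user_id,)).fetchall()
    for row_id, stored in rows:
        if hmac.compare_digest(stored, wanted):
            with db:  # the used_at guard makes a concurrent second use lose
                cur = db.execute(
                    "UPDATE recovery_codes SET used_at = datetime('now') "
                    "WHERE id = ? AND used_at IS NULL", (row_id,))
            return cur.rowcount == 1
    return False

def second_factor_ok(db, user_id, submitted, verify_totp):
    """Try TOTP first, then fall back to a recovery code."""
    return bool(verify_totp(submitted)) or redeem_code(db, user_id, submitted)
```

Recovery-code attempts should share the same rate limiting as TOTP attempts, and regenerating codes invalidates the previous set.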
I got locked out also and have no way of coming in, and the command php artisan p:user:disable-fa [email protected] doesn't work. Please help.
Nvm, had to be in the right directory and use a different command:
/var/www/pterodactyl# php artisan p:user:disable2fa [email protected]