Closed Bug 1067912 Opened 11 years ago Closed 9 years ago

New devices are added to the MFA device list before enrollment is completed

Categories

(Websites :: login.mozilla.com, defect)

Type: defect; Priority: Not set; Severity: normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: emorley, Assigned: rtucker)


In bug 1065644, I had Duo enabled on my account, even though I did not complete the process. We should not enable Duo on an account unless at least one device has been added.
This happened again for me today.
I don't see that changing anything here will have a positive impact in ~2 weeks when Duo will be enforced for VPN and SSH (in other words, Duo will be 'enabled' for everyone).
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
I apologise for this bug being scarce on details - I'd add them in now, but I'm unable to add an MFA device after the "Bypass 2FA" option being enabled (see bug 1067914 comment 1 IRC excerpt; if there's a better way to fix that issue that lets me sign up when I'm ready in the future, please make the necessary changes).

STR (from memory due to the above, so might not be spot on):
1) With an MFA device already added, start the process of adding another
2) Before completing the enrollment (e.g. before entering back the confirmation Google authenticator code), abort the process by going back to the login.m.o homepage
3) Click the MFA tab

Expected:
Only the device that was enrolled already is listed.

Actual:
There are now two devices listed, the one already enrolled, and the one for whom the enrollment was aborted
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Summary: Duo shouldn't be enabled for an account if enrolment wasn't completed fully → New devices are added to the MFA device list before enrollment is completed
(In reply to Ed Morley [:emorley] from comment #3)
> Expected:
> Only the device that was enrolled already is listed.
>
> Actual:
> There are now two devices listed, the one already enrolled, and the one for
> whom the enrollment was aborted

Ah ok - that is a problem, yes. Sorry it sounded like just the enforcement was happening without a full enrollment.
No problem - when this bug was filed I think only one device could be added at a time, so comment 0 didn't make that distinction :-)
Just a ping as complete rollout is next week. Not sure how many people have hit the bug and how important it is to prioritize, but wanna be sure you've seen it
Flags: needinfo?(rtucker)
(In reply to Guillaume Destuynder [:kang] from comment #6)
> Just a ping as complete rollout is next week. Not sure how many people have
> hit the bug and how important it is to prioritize, but wanna be sure you've
> seen it

There's really nothing that can be done here. I've discussed this with :cshields and the best solution is we've added disclaimer text. DUO maintains state on their end. The barcodes are generated after the device has been added and activated in DUO.
Flags: needinfo?(rtucker)
Assignee: infra → nobody
Component: Infrastructure: Other → login.mozilla.com
Product: Infrastructure & Operations → Websites
Version: other → unspecified
Per comment #7 and the lack of feedback indicating this is problematic, I'm going to close this out.
Assignee: nobody → rtucker
Status: REOPENED → RESOLVED
Closed: 10 years ago → 9 years ago
Resolution: --- → WONTFIX