• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Please beaware of a breaking change in the REST API on the next Plesk release (18.0.62).
    Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here

Resolved Multi-Factor Authentication (MFA) extension does not remember device

P

pleskuser67553

Basic Pleskian
Username:

TITLE

Multi-Factor Authentication (MFA) does not remember device

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian Version 18.0.61 Update #2, AlmaLinux 9.2, AMD EPYC-Milan

PROBLEM DESCRIPTION

Despite cookies being allowed in my browser, Multi-Factor Authentication (MFA) extension does not remember my device. It asks for MFA code every time, regardless of Remember this device for 30 days checked.

STEPS TO REPRODUCE

  1. Check Google Authenticator extension is not installed, disable and uninstall if necessary
  2. Check cookies are allowed in the browser and it is not in private / incognito browsing.
  3. Install Multi-Factor Authentication (MFA) extension.
  4. Configure with TOTP app and enable the remember device feature.
  5. Log out and log in.
  6. Check the Remember this device for 30 days checkbox if not already checked and enter TOTP code
  7. Logged in successfully.
  8. Log out and log in.
  9. MFA prompt appears again.
  10. Check the Remember this device for 30 days checkbox if not already checked and enter TOTP code
  11. Repeat steps 8-10 as much as you like
  12. Disabled and uninstall Multi-Factor Authentication (MFA) extension
  13. Install Google Authenticator extension
  14. Configure with TOTP app and enable the remember device feature.
  15. Log out and log in.
  16. Check the Remember this device for 30 days checkbox if not already checked and enter TOTP code
  17. Logged in successfully.
  18. Log out and log in.
  19. MFA prompt does not appear - device has been remembered.
  20. Repeat steps 18-19 as much as you like

ACTUAL RESULT

Device is not remembered with Multi-Factor Authentication (MFA) extension

Device is remembered with Google Authenticator extension, so cannot use the former and must continue using the latter.

EXPECTED RESULT

Device is remembered with Multi-Factor Authentication (MFA) extension

Google Authenticator extension is not required.

ANY ADDITIONAL INFORMATION

Mine is a new server with Plesk Web Host edition and Google Authenticator was never installed.

All my other servers work fine with Google Authenticator extension (I have not yet tried them with the replacement extension), so I 'rolled back' to the working extension on this new server and it works as expected.

Please delay deprecation of Google Authenticator extension until Multi-Factor Authentication (MFA) extension is robust - I see other bugs popping up on the forums and in release notes.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Can confirm the bug on both my servers where I replaced the Google Authenticator extension with the Multi-Factor Authentication (MFA) extension. Both servers are running Debian 12.
 
Is there any ETA for a bugfix? We get a lot of negative response from our clients that they are forced to make the 2FA every time they login again. Especially admins are annoyed.
 
The new MFA version has been released, it also contains a fix for EXTPLESK-5556. It may take several hours for the update to become available through the Extension Catalog. Let us know if you have any feedback.

1.0.3 (12 June 2024)​

  • [-] The extension once again correctly remembers a device and no longer asks for authentication if the "Remember this device for 30 days" checkbox was selected before. (EXTPLESK-5556)
  • [-] The `plesk ext mfa config info` CLI command now works with accounts of additional administrators and SMB users. (EXTPLESK-5559)
Click to expand...
 
This is still not working for me, still having to input the code every time on desktop and mobile app. Guess uninstalling and going back to google authenticator again.
 
Nevermind, it is working now. Guess there must've been another update, since I reinstalled it when it said the extension was updated, now just did an update check and there was a new update, now seems to be working fine, thanks.
 
jktorres28 said:
This is still not working for me, still having to input the code every time on desktop and mobile app. Guess uninstalling and going back to google authenticator again.
Click to expand...
I had this situation on one of my servers too. It pulled the older version of the MFA extension, but I went to extension updates in the UI and forced a refresh, manually updated it, and all okay
 
You must log in or register to reply here.

Similar threads

P
Forwarded to devs Event 'CP User Login' triggered despite invalid additional authentication step (MFA)
Replies
2
Views
307
Kaspar@Plesk
Kaspar@Plesk
D
Forwarded to devs GIT extension 2.5.2 does not save token
Replies
6
Views
564
Kaspar@Plesk
Kaspar@Plesk
G
Question WP installs are quarantined daily.
Replies
4
Views
826
Bobbbb
B
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
941
Lenny
Lenny
M
Issue Can't open Port 25. Please help
Replies
2
Views
880
mhogue
M
Back
Top