• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Multi-Factor Authentication (MFA) extension does not remember device

P

pleskuser67553

Basic Pleskian
Username:

TITLE

Multi-Factor Authentication (MFA) does not remember device

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian Version 18.0.61 Update #2, AlmaLinux 9.2, AMD EPYC-Milan

PROBLEM DESCRIPTION

Despite cookies being allowed in my browser, Multi-Factor Authentication (MFA) extension does not remember my device. It asks for MFA code every time, regardless of Remember this device for 30 days checked.

STEPS TO REPRODUCE

  1. Check Google Authenticator extension is not installed, disable and uninstall if necessary
  2. Check cookies are allowed in the browser and it is not in private / incognito browsing.
  3. Install Multi-Factor Authentication (MFA) extension.
  4. Configure with TOTP app and enable the remember device feature.
  5. Log out and log in.
  6. Check the Remember this device for 30 days checkbox if not already checked and enter TOTP code
  7. Logged in successfully.
  8. Log out and log in.
  9. MFA prompt appears again.
  10. Check the Remember this device for 30 days checkbox if not already checked and enter TOTP code
  11. Repeat steps 8-10 as much as you like
  12. Disabled and uninstall Multi-Factor Authentication (MFA) extension
  13. Install Google Authenticator extension
  14. Configure with TOTP app and enable the remember device feature.
  15. Log out and log in.
  16. Check the Remember this device for 30 days checkbox if not already checked and enter TOTP code
  17. Logged in successfully.
  18. Log out and log in.
  19. MFA prompt does not appear - device has been remembered.
  20. Repeat steps 18-19 as much as you like

ACTUAL RESULT

Device is not remembered with Multi-Factor Authentication (MFA) extension

Device is remembered with Google Authenticator extension, so cannot use the former and must continue using the latter.

EXPECTED RESULT

Device is remembered with Multi-Factor Authentication (MFA) extension

Google Authenticator extension is not required.

ANY ADDITIONAL INFORMATION

Mine is a new server with Plesk Web Host edition and Google Authenticator was never installed.

All my other servers work fine with Google Authenticator extension (I have not yet tried them with the replacement extension), so I 'rolled back' to the working extension on this new server and it works as expected.

Please delay deprecation of Google Authenticator extension until Multi-Factor Authentication (MFA) extension is robust - I see other bugs popping up on the forums and in release notes.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Can confirm the bug on both my servers where I replaced the Google Authenticator extension with the Multi-Factor Authentication (MFA) extension. Both servers are running Debian 12.
 
Is there any ETA for a bugfix? We get a lot of negative response from our clients that they are forced to make the 2FA every time they login again. Especially admins are annoyed.
 
The new MFA version has been released, it also contains a fix for EXTPLESK-5556. It may take several hours for the update to become available through the Extension Catalog. Let us know if you have any feedback.

1.0.3 (12 June 2024)​

  • [-] The extension once again correctly remembers a device and no longer asks for authentication if the "Remember this device for 30 days" checkbox was selected before. (EXTPLESK-5556)
  • [-] The `plesk ext mfa config info` CLI command now works with accounts of additional administrators and SMB users. (EXTPLESK-5559)
Click to expand...
 
This is still not working for me, still having to input the code every time on desktop and mobile app. Guess uninstalling and going back to google authenticator again.
 
Nevermind, it is working now. Guess there must've been another update, since I reinstalled it when it said the extension was updated, now just did an update check and there was a new update, now seems to be working fine, thanks.
 
jktorres28 said:
This is still not working for me, still having to input the code every time on desktop and mobile app. Guess uninstalling and going back to google authenticator again.
Click to expand...
I had this situation on one of my servers too. It pulled the older version of the MFA extension, but I went to extension updates in the UI and forced a refresh, manually updated it, and all okay
 
You must log in or register to reply here.

Similar threads

Hangover2
Forwarded to devs Advisor Extension Recommends Installing Unsupported Google Authenticator Extension
Replies
1
Views
391
Sebahat.hadzhi
Sebahat.hadzhi
A
Forwarded to devs Multi-Factor Authentication (MFA) - New Accounts tab - JS error showing blank page
Replies
19
Views
9K
Alban Staehli
A
P
Forwarded to devs Event 'CP User Login' triggered despite invalid additional authentication step (MFA)
Replies
2
Views
727
Kaspar@Plesk
Kaspar@Plesk
N
Resolved Plesk MFA/Google Auth stopped working on version 18.0.64
Replies
4
Views
229
nogray
N
D
Forwarded to devs GIT extension 2.5.2 does not save token
Replies
6
Views
949
Kaspar@Plesk
Kaspar@Plesk
Back
Top