TapaTalk bypasses 2-step authentication

MarcinT
5
Joined: May 17th, 2017, 5:55 pm

May 17th, 2017, 5:59 pm

Two-step auth is important to us, and TapaTalk is great, so it would be great if there was a way to fix this problem.

Any help would be appreciated,

Thanks!
Reply

User avatar
Shambles
Joined: October 20th, 2010, 5:28 pm

May 17th, 2017, 6:14 pm

Are you by any chance using the Beta release (2.1) of SMF ?
Reply

MarcinT
5
Joined: May 17th, 2017, 5:55 pm

May 17th, 2017, 6:15 pm

SMF 2.0.13
Reply

User avatar
Shambles
Joined: October 20th, 2010, 5:28 pm

May 17th, 2017, 6:20 pm

SMF 2.1 has 2FA (two factor authentication) but 2.0.13 does not.

Have you installed a modification to your 2.0.13 system that provides 2FA ?
Reply

User avatar
Shambles
Joined: October 20th, 2010, 5:28 pm

May 17th, 2017, 6:22 pm

Hang on - do you mean activation by email?
Reply

MarcinT
5
Joined: May 17th, 2017, 5:55 pm

May 17th, 2017, 6:28 pm

It bypasses both, by email and app.

I have installed a modification to 2.0.13 that provides 2FA, yes.
Reply

User avatar
Shambles
Joined: October 20th, 2010, 5:28 pm

May 17th, 2017, 6:38 pm

Well, for the email issue you could hit Admin > Configuration > Tapatalk Settings and untick "In-App Registration" and "Automatic approval for user registered from Tapatalk". That will at least force new members to use a browser to register and prevent members who have existing Tapatalk IDs being able to automatically join.

As for the 2FA system you have, it would be difficult for the Tapatalk Development Team to be able to cater for all possible mods in an SMF system, so you can't really expect them to cater for that.

Which 2FA mod is it you're using?
Reply

MarcinT
5
Joined: May 17th, 2017, 5:55 pm

May 17th, 2017, 6:44 pm

Thank you for your response. The mod I'm using is called 'SMFPacks Two Factor Authentication (Version 1.0.7)'.
Reply

MarcinT
5
Joined: May 17th, 2017, 5:55 pm

May 17th, 2017, 6:54 pm

Ok, I contacted the creator of this plugin, and he'll be looking into this problem.

Thanks again for the help!
Reply

User avatar
Shambles
Joined: October 20th, 2010, 5:28 pm

May 17th, 2017, 6:55 pm

Thought it might be that one (I was just curious).

You'll see in the mobiquo/include folder that Tapatalk provides its own LogInOut.php script which supplants the SMF-issued login system (and hence your 2FA mod).

Can't see that being changed by the Tt team anytime soon I'm afraid, though it would be handy for them to provide a hook which SMFpacks could make use of.
Reply