Two-Factor Authentication (TFA) is a crucial security measure that adds an extra layer of protection to your Drupal website. However, there may be instances where users need to reset their TFA settings due to lost devices, forgotten codes, or changes in authentication methods. This guide will walk you through the steps to reset TFA on your Drupal website to ensure a seamless and secure experience for your users.
Before you begin
If can no longer get the access code from your TFA app (e.g. you've lost your phone), you will not be able to log in to your website after you activated TFA on your user account. You will need to get another Super User to reset TFA on your user account. Once that is done, you will be able to log in and enable TFA, like you did before.
The following instructions are for the other Super User who is helping you:
Step 1: Access the Drupal Admin Dashboard
To begin, log in to your Drupal admin dashboard using your administrative credentials. Make sure you have Super Useraccess.
Step 2: Navigate to User Management
In the admin dashboard, go to the "People" section. This is where you can manage user accounts, including their authentication settings.
Step 3: Locate the User Account
Find the user account that requires a TFA reset. You can use the search function to quickly locate the user by their username or email address.
Step 4: Edit User Account
Click on the "Edit" link next to the user's account. This will take you to the account editing page where you can manage various settings for the user, including their TFA configuration.
Step 5: Reset 2FA Settings
Click on the TFA option, which will take you to the page where settings are managed. Here, you will have options to reset the user's TFA settings. There are two options:
- Disable TFA: Temporarily disable TFA for the user, allowing them to log in without TFA and reset their application.
- Reset application: Clear the current TFA settings, forcing the user to reconfigure TFA upon their next login.
Choose the appropriate option based on the situation. For example, if the user has lost their TFA device or cannot access their codes, you might want to disable TFA so they can reset their application.
After selecting the appropriate reset option, you will need to enter your password to authorise the reset.
Step 6: Verify and Save
You will be taken to the TFA setup page for the user. Here you can provide the user with the text code, which they can use to generate a new verification code on their TFA app. We recommend you don't do this step, as it's better to get the user to manage their own setup. Completing STEP 5 has reset their application already.
You are done!
Step 7: Notify the User
Inform the user that their TFA has been reset. Provide them with instructions on how to set up TFA again, including any necessary steps they need to follow during their next login attempt. It's helpful to provide a direct link to your website's TFA setup guide.
How to setup two-factor authentication
Step 8: User Reconfiguration of TFA
The user will need to log in and reconfigure their TFA settings. Upon their next login, they will be prompted to set up TFA again. Ensure they have access to a device that supports the chosen TFA method (such as a smartphone with a TFA app installed).
Step 9: Verify Successful TFA Setup
Once the user has reconfigured their TFA settings, verify that the setup was successful. You can do this by asking the user to confirm or by checking the user management section to ensure TFA is active for their account.
Maintaining security of your website
Resetting TFA on a Drupal website is a straightforward process that ensures users can regain access to their accounts while maintaining security. By following these steps, administrators can efficiently manage TFA resets, providing support to users who encounter issues with their authentication methods. Maintaining a clear and documented process helps keep your Drupal website secure and user-friendly.
