question

Hentie avatar image
Hentie asked

VRM Portal: 2-Factor Authentication

I have a VRM Account and 2-Factor Authentication is enabled for Security reasons.

Unfortunately, I lost access to my Authentication Tokens - Google Authenticator as my phone crashed last night. I am unable to login to the VRM portal. How can I remove the 2FA so I can login or can any VRM Admin/ Support please assist ASAP?

I already tried Password reset, but it still requests a 2-Factor Authentication token
VRM
3 comments
2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

Alexandra avatar image Alexandra ♦ commented ·
@Hentie

You will need your dealer on this one.

0 Likes 0 ·
nickdb avatar image nickdb ♦♦ commented ·
This seems to be an error with the 2FA. They should issue recovery codes for this purpose or allow a failback to mobile. Hopefully the vrm team can address this, zero chance your dealer can help.


0 Likes 0 ·
Warwick Bruce Chapman avatar image Warwick Bruce Chapman nickdb ♦♦ commented ·
I have raised this point with @Guy Stewart (Victron Community Manager) and I believe it is being discussed.
0 Likes 0 ·
2 Answers
Alexandra avatar image
Alexandra answered ·

@Hentie

Not a solution as yet. Except to pass it up the chain to a dealer / distributor as they have higher admin on this.

https://community.victronenergy.com/questions/107606/vrm-2-factor-token-lost-how-to-recover.html

3 comments
2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

Warwick Bruce Chapman avatar image Warwick Bruce Chapman commented ·
Distributor unable to help. Country manager has been informed.
0 Likes 0 ·
Show more comments
rwarps avatar image
rwarps answered ·

From what is posted here it is not clear to me how the problem was resolved.
Off course that I am here looking for answers indicated the issue was not addressed.

I still have an active session for the time being. However my phone is dead along with all my authenticators. Now I see the menu to change VRM two-factor authentication, but I can't make any changes without providing a verification code.
My distributor just provided me a box they don't deal with any of the services around Victron.

Whom do I contact or where do I go to have VRM two-factor authentication disabled in order for me to create a new authenticator?

So how do I go about resetting the two-factor authentication?

Indeed the suggested backup-codes would be a good solution.
Alternatively have one of the other verification methods as a recovery method should the authenticator verification not be possible.

For those with the same issue. It appears google authenticator is one of the few authenticators that allows you to transfer them to another device. This wont help me now but at least in the future I will be keeping a spare device to hopefully avoid more of these MFA mishaps.

EDIT:
For those stumbling upon this. You can actually do a MFA reset yourself from within the VRM app.

4 comments
2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

nickdb avatar image nickdb ♦♦ commented ·
Microsoft auth can be transferred as well.
0 Likes 0 ·
kevgermany avatar image kevgermany ♦♦ nickdb ♦♦ commented ·
Authy app works on multiple devices
0 Likes 0 ·
nickdb avatar image nickdb ♦♦ kevgermany ♦♦ commented ·
Sort of defeats the purpose of an auth app, it is meant to be located on one trusted device to prevent access from other devices. Cybersec teams would have a problem with that one.
0 Likes 0 ·
rwarps avatar image rwarps nickdb ♦♦ commented ·
That is correct, hence the preference for recovery codes or some recovery verification methods. Have the an authenticator app as a primary and sms as a backup. Though the recovery codes are the most secure (if kept safe) so preferably have those.


But if no such options exists people start looking for alternatives.
And well, I have not yet seen a way forward here. So does that mean I will need to abandon my VRM account and create a new one? Is that really the procedure?

Unfortunately quite a few organizations have no procedure in place for the scenario in which some one ether switches devices or a device is lost or destroyed.

0 Likes 0 ·