WordPress.org

Ready to get started?Download WordPress

Forums

Duo Two-Factor Authentication
[resolved] Error logging in (7 posts)

  1. andymatthews
    Member
    Posted 4 months ago #

    I am unable to log into my site at work - fortunately I have logged in at home and have about 25 days left before I need to re-authenticated.

    I get the following error:

    Error: The application secret key passed to sign_request() must be at least 40 characters.

    And then

    Access denied

    I'm concerned I will be locked out of my blog. Is there a fix for this? Many thanks, Andy.

    https://wordpress.org/plugins/duo-wordpress/

  2. joe.davola
    Member
    Posted 4 months ago #

    Access denied error after upgrading to v2.1. This is after I ran into the 500 issues with v2.0

    I've had it with your amatuer coders. I'm uninstalling this plugin and switching to a different service.

    P.S.

    If anyone else is getting locked out of their WordPress site because of this shoddy plugin, you can rename the Duo plugin folder to disable it. You will need to do this via FTP and go to wp-content/plugins. This will allow you to log into the admin area and promptly remove this garbage plugin.

  3. pixeldynamo
    Member
    Posted 4 months ago #

    Same problem here, already reported to support, but not acknowledged.

  4. Per Soderlind
    Member
    Posted 4 months ago #

    Same here, had to revert back to 1.8.1

    I'm using w3 total cache and cloudflare

  5. Dooo
    Member
    Posted 4 months ago #

    I'm still having problems too, it doesn't login. I reverted back again to 1.8.1. Please fix it, I liked your work before 2.0.

  6. Duo Security
    Member
    Plugin Author

    Posted 4 months ago #

    We're very sorry about the problems this issue has caused for all of you. We understand how upsetting it is to be locked out of your sites/accounts.

    To get the best support possible, I ask that each of you email support@duosecurity.com for one-on-one assistance.

    As for the error "The application secret key passed to sign_request() must be at least 40 characters.", this key is the output of wp_salt(), which should always be well over 40 characters if the default wp_salt function is being used.

    Some plugins can replace the wp_salt function, causing it to return unexpected values, potentially weakening the security of your site. For assistance in finding the offending plugin, please email support@duosecurity.com

    Thanks!

    P.s. For those that have asked, we perform extensive testing on a number of popular hosts, with many popular plugins, to mimic as wide a range of our customers as possible. We also work with select customers, directly, to beta test new versions of our plugin before general release.

    If any of you are interested in beta testing (with the assistance of an Engineer live on the phone through the entirety of the installation!) please email us at support@duosecurity.com and let us know that you'd like to help! We have some openings right now that we would love to get filled!

  7. Duo Security
    Member
    Plugin Author

    Posted 4 months ago #

    The v2.2 update just released should resolve this issue. If you are still experiencing problems after the update, please direct your support requests to support@duosecurity.com for assistance.

    Thanks!

Reply

You must log in to post.

About this Plugin

About this Topic