Support » Plugin: Keyy Two Factor Authentication (like Clef) » Keyy & JetPack Protect “Conflict”

  • Resolved LisaBurger

    (@lisaburger)


    I ran into an issue with my testing of Keyy.

    In addition to whatever 2FA plugin we use (currently Clef), we also install JetPack with the Protect module turned on. Protect, formerly BruteProtect, uses crowd-sourced information to block known IPs of botnets from even reaching the login page. It’s nice!

    Apparently JetPack/Protect also adds a “Prove Your Humanity” math-style captcha to the login page at times. With Clef, you could hide the login fields (user/password) and this captcha completely from the login page.

    I ran into a situation where the Prove Your Humanity field popped up in the Keyy/WordPress login form. I didn’t fill it and I locked myself out of the site, even when using the Keyy app and QR code.

    Of course, now I cannot reproduce this to show you a screenshot…

    I know this is an early beta and I’m thrilled this project is happening! Ultimately, I would like to see Keyy, once setup, completely override the default login form (unless you use the override URL). As someone who manages a lot of WordPress sites, the easier I can make it for my users, the better! If they use a username/password field, they will use those and forget about the Keyy app…and if this math captcha appears, all bets are off.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter LisaBurger

    (@lisaburger)

    Spoke to soon…here’s an example:
    Keyy login with JetPack captcha

    If you remember to enter the math captcha before scanning the QR code, you often get the error: “The Keyy scan did not succeed. Please try again.” Note, I can’t tell if this is a Keyy issue independent of this captcha or not, as sometimes you can login.

    If you forget to enter the math captcha, you get taken to a separate screen to enter the math captcha and then redirected back to the login screen.

    Either way, it’s confusing!

    • This reply was modified 4 years, 5 months ago by LisaBurger.
    • This reply was modified 4 years, 5 months ago by LisaBurger.

    Hi,

    Sorry for the delay can you use the “report a problem” feature in the app so that we can get the log file from the device.

    This should allow us to check if it’s the app that is the issue or if there is a conflict between the two plugins.

    Best Wishes,

    Ashley

    Thread Starter LisaBurger

    (@lisaburger)

    Will do. Thanks, Ashley.

    Hi Lisa,

    You will want to fill in any other elements of the login form that are necessary before the Keyy scan. It’s basically impossible for Keyy to know which other elements that other plugins may have added are absolutely required. As such, the user has to make up the distance, by filling those in first.

    David

    I’d also say that, if using Keyy, then you may as well turn off JetPack Protect. (I used + loved BruteProtect, BTW… I suggested the original idea for it; someone else on the mailing list then did the hard work to create it: http://wordpress-hackers.1065353.n5.nabble.com/Limit-Login-Attempts-tt41123.html#a41142 ). If all the logins on the site are protected by Keyy, then JetPack won’t be able to refuse any logins that Keyy isn’t already refusing.

    David

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Keyy & JetPack Protect “Conflict”’ is closed to new replies.