Password reset doesn't work with 2-Factor-Authentication if you have a new Phone
Description:
If you set up 2-Factor Authentication in the fairapps.net account settings and you want to reset your password and change the device, it's not possible.
On the first try it shows
Please specify device name.
Second try says
Invalid authenticator code.
Steps to Reproduce:
Log in on fairapps.net. Go to your profile and activate 2FA. I used FreeOTP on Android. If you want to reset the password then, you have to use an authenticator. I deleted my token beforehand, because that would be the case if you change your phone because you lose it or it breaks. I cannot log in. I guess because the newly generated token doesn't match the old one. Even clicking on "Unable To Scan?" and using the given code doesn't work.
Why this is important:
Because changing phones results in being unable to log in to fairlogin if two-factor authentication is enabled. You cannot log in to your account without the assistance of an administrator. We have to delete the device used for 2FA from Keycloak.
How it should work:
It would be nice to have a way to disable 2FA on the user side with password only.
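The mechanism the reporter guesses at, as an added example that is not part of the original report or of fairlogin/Keycloak code: a TOTP code (RFC 6238) is derived from the secret the server stored at enrolment, so a token generated afresh on a new phone yields codes the server rejects until the old device entry is replaced. The secrets, function names and the one-step drift window are assumptions; the first secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (common default, assumed here)


def totp(secret_b32: str, now: float, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the time step containing `now`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(stored_secret_b32: str, submitted: str, now: float, window: int = 1) -> bool:
    """Server-side check against the enrolled secret, tolerating clock drift
    of `window` time steps in either direction."""
    return any(
        hmac.compare_digest(totp(stored_secret_b32, now + i * STEP), submitted)
        for i in range(-window, window + 1)
    )


# Constructed sample secrets (not from the report).
ENROLLED_SECRET = base64.b32encode(b"12345678901234567890").decode()   # stored server-side
NEW_PHONE_SECRET = base64.b32encode(b"09876543210987654321").decode()  # fresh token, never enrolled


def login_after_phone_change(now: float) -> dict:
    """Compare what the server sees from the old device and from the new one."""
    return {
        "old_device_accepted": verify(ENROLLED_SECRET, totp(ENROLLED_SECRET, now), now),
        "new_device_accepted": verify(ENROLLED_SECRET, totp(NEW_PHONE_SECRET, now), now),
    }


if __name__ == "__main__":
    print(login_after_phone_change(1111111109))
```

Only replacing the stored secret, which here means an administrator removing the old device so the user can enrol again, makes the new phone's codes verify.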