I have TFA enabled in Joomla 3.3.6. It works fine when I login with the Joomla login page.
The CB 2.0.4 login page on my site doesn't display a "Secret Key" field. And it allows users with TFA enabled to login without having to type in a secret code.
We pass the code to Joomlas login API. I've no idea how Joomlas login API would allow you to bypass it. CB doesn't have its own login behavior. It sends the credentials to Joomla and Joomla oks it. If it doesn't then an error is thrown. The only way this behavior can be bypasses is with an API login like from CB Connect.
Are you using Google or YubiKey two factor authentication? Will retest and see what could be going wrong.
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
krileon
