[SOLVED] Two-factor authentication

Hi –

I recently tried to log in with snapcraft login and was asked to complete two-factor authentication. The trouble is, I cannot figure out how to set up two-factor authentication in Ubuntu One.

I’m guessing that this is a holdover from when I was a Canonical employee, and that bit in a DB was never set back to FALSE (meaning no longer required) when I left. If it is required, then great, can someone tell me how to set it up?

My snap store login is jsseidel.

Spence

Do you see an “Authentication devices” item in the menu to the left on https://login.ubuntu.com/?

There’s more information about the 2FA system here: https://help.ubuntu.com/community/SSO/FAQs/2FA

I used to be able to see it, if I remember correctly, but it’s no longer an option:

[Screenshot from 2019-07-25 07-59-42]

The help page you referenced does seem to indicate that it should be there but that I would need to add myself to the SSO 2-factor testers Launchpad group to do it. Is this a requirement to do the snap login?

The docs don’t mention it, which is why I was wondering if it was unique to my account: https://docs.snapcraft.io/releasing-your-app

So I guess the next question is: did you have 2FA enabled on your account the last time you used it while working at Canonical?

Maybe what’s happened is that it is still set up with whatever device you were using before (e.g. a Yubikey or Google Authenticator), and is asking for those codes? Now that you’re no longer automatically opted in to 2FA support, the device is still configured but the settings page is hidden. If you’ve still got that device, do the codes it generates work?

Adding yourself to the sso-2f-testers Launchpad group is probably enough to display the settings page. From there, you could disable the device or configure a new device. Publishing snaps doesn’t require 2FA, but it still offers good protection for your account.

I don’t think he can add himself to sso-2f-testers. You may want to jump on #canonical-sysadmin on freenode to sort this (they just sorted it for someone else today in the same circumstance).

2 Likes

That was me, and I can confirm it was painless - just know that you’ll likely need to reset 2FA on the account if you no longer have access to your previous MFA device, and that may be a bit of a paper cut since you’ll have to prove identity.

1 Like

Thanks everyone. I will hop onto freenode to get this sorted. Or, I suppose I could apply for another Canonical job . . .

Hey folks,

Since @jsseidel seems to know what he’s doing, I’ll add him to ~sso-2f-testers now (not being in this group is why he can’t wrangle his 2FA devices, as y’all observed). That way he can e.g. remove his 2FA devices himself. @jsseidel once you’ve done so, you can poke here and I’ll remove the “2FA required” bit.

I can’t do that preemptively and based on a forum request because at this point I don’t know if you’re a hacker trying to get 2FA disabled to get into the account evilly :smiling_imp: but doing the above requires you to have access to the account and to the configured 2FA device (I hope you still have it!).

If you don’t, let me know and I’ll contact you by e-mail with further instructions.

– Daniel

Thanks. I no longer have the device. Can we switch to the email on the account?

Sure, I’ll contact you in a bit.

– Daniel
1 Like

Got everything sorted.

Thanks, @roadmr, @lzypower, @popey, and @jamesh.

2 Likes

The same issue happens to me. I have asked to join the ~sso-2fa-testers group. Please help to approve it.
My email address is sangshuduo@gmail.com

Thanks,
Shuduo