2FA の有効化に問題があるというメールを受け取りました。しかし、私は以前にこれをオンにしたり、関連する設定を行った覚えがありません。これを設定する必要がありますか?
2FA was added back in early March. See Discourse 2.0.0.beta4 Release Notes. You (a Discourse site admin) shouldn’t need to do anything.
@featheredtoast may have some suggestions on what to try (or to ask the user to try) to get this working.
Thanks 
Is there anyway we can disable it? I haven’t looked into it so not sure how it works, but I don’t like the idea of having to rely on (or send user info to) a third party.
I don’t believe it can be disabled, no. Also, no data is being sent to a third party.
Here’s a quick summary of 2FA: Discourse implemented the TOTP (time-based one time password) algorithm. When a user decides to enable 2FA they are presented with a QR code (or a long string of characters). That string is used by an authentication app (like Google Authenticator, Microsoft Authenticator, Authy, YubiKey, etc.) to generate a new 6-digit password every 30 seconds. Those apps are in no way connected to your Discourse site, nor do they have any user info. They simply generate a code every 30 seconds. Your Discourse site also knows what those codes are, so when a user tries to log in, after entering their username and password they’re asked for a code. They check their app, enter the code, and the server checks if it’s the same code it expected.
Does that make sense?
A good thing to check is whether or not the server time is in sync with the world (generally through ntp).
Having an incorrect time can cause some interesting errors as this protocol is time based.
Thanks both
Does it need to connect to a third party to learn/check what those codes are? Or is it all generated on my server?
Just checked the time and it’s fine… would timezones matter? I’m guessing the person is in a different timezone to that of what is set for the server.
Ask the user to use the “Time correction for codes” operation in the app’s settings.
Not at all - it is 100% on the server.
No. It’s based off UTC; not local time.
What may help is if you want to check what the server’s opinion of the current code is you can use e.g. from the rails console:
pry(main)> User.find_by(username: "Supermathie").totp.now
=> "319971"
こんにちは、管理者が誰かの二要素認証を無効にすることは可能でしょうか?
そのようなオプションがあるようには見えないのですが、コミュニティの一人がロックアウトされており、2FA が設定されているためログインできない状況です。
ユーザーインターフェースから2段階認証を無効化することはできません。無効化するには Rails コンソールへのアクセスが必要です。詳細は How to disable 2FA - #11 by featheredtoast をご覧ください。
これに関するちょっとしたアップデートです。管理者は、各ユーザーの /admin/users ページから他のユーザーの 2FA を無効にできるようになりました。