Two-factor login on staging site

I have a client that forced 2-factor authentication for staff. They have a staging site that restores backups from the production site.

My security key won’t work on the staging site, but Google Authenticator codes will.

I don’t know if this is a feature, a bug, or something about how security keys work.

1 Like

Can you define what you mean when you say security keys “won’t work”? Do you get any errors? Can you add security keys in your second factor preferences successfully? Is the problem with using them on login?

1 Like

Sorry. That wasn’t very helpful.

“Try a different security Key. You’re using a security key that’s not registered with this website”. I guess maybe that’s coming from Chrome and it remembered the hostname of the production server?

2 Likes

Thanks for that, makes perfect sense. Security keys as per the specification are tied to a single hostname as the “Relaying Party”, so keys defined in production will not work for staging.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.