MFA can no longer be disabled by email, now that dashboard uses MFA
closed
Qie Niangao
According to reports of folks who have lost their authenticator-hosting phone (please see https://community.secondlife.com/forums/topic/521592-question-lost-my-phone-and-now-unable-to-access-my-account-due-to-mfa/), it's no longer possible to access the "Disable Multifactor Identification via Email" selection because the whole dashboard is now behind MFA for their accounts.
In fact, they can't access Canny feedback either, which is why I'm submitting this for them. (I did try to use an unauthenticated Chrome browser and ran into the same problem, so it appears to repro.)
I understand the dashboard was only recently MFA-protected, so this seems plausible, but some alternate flow is going to be needed. (It doesn't seem practical to send these all through Support—and if that's the direction going forward, the dashboard option needs deletion for "If you have lost your authenticator and would like to remove your MFA…" which is no longer possible.)
Log In
Shrike Linden
closed
Thank you for the feedback! It's actually intentional that MFA cannot be disabled through email. We prefer that residents who are having trouble with MFA contact support to resolve the issue. Have a good day!
Nyx Onyx
Recovery codes +support multiple TOTP generators + Passkeys, pretty please. Recovery through e-mail or SMS alone is not a great idea however: e-mail accounts that get broken into opens doors to a whole lot of sites through recovery e-mails, and SMS hijacking is not very difficult. In the event that a phone or tablet gets stolen these also often are set to show contents of SMS and e-mails on the lock screen.