Google Authenticator one time code is same across multiple virtualmin accounts

#1 Mon, 05/06/2019 - 19:20
adamjedgar


Can someone else check to see if they are having this problem...

I have 2 factor authentication enabled for accounts on my Virtualmin system (including the root account).

Trouble is, I can use the same 2 factor authentication code for both the root account and a standard user account... which makes the entire thing pointless, as any valid user, who may have hacked the root account password via other means, can then use their own code to log in as root once the root password is known.

I appreciate that a password is supposed to be kept safe; however, two factor authentication is supposed to provide an additional layer of security. Mine at present does not appear to be doing that.

Is this a Virtualmin problem or a Google Authenticator problem?

I figure the only way to know is to have someone else on this forum set up a couple of authenticator accounts and see what happens.

Could I also add, both my root user and the Virtual Server Owner account in question use the same Microsoft email account (not sure if this is relevant or not).
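
An added example, not part of the original post and not Virtualmin's own code: a TOTP code (RFC 6238, the scheme Google Authenticator uses) depends only on the enrolled secret and the current time, so two accounts accept the same codes step after step only when they hold the same secret. The sketch below compares two enrolled secrets over several time steps; the secrets, the variable names and the timestamp are constructed samples (the first secret is the RFC 6238 test key).

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 and a 30-second time step."""
    # Authenticator apps display secrets in lower case with spaces; normalise first.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks the offset.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def share_secret(secret_a: str, secret_b: str, start_time: int,
                 windows: int = 5, step: int = 30) -> bool:
    """True only if both secrets give the same code in every sampled time step.

    One matching 6-digit code can be chance (1 in 10**6); five in a row cannot.
    """
    return all(
        totp(secret_a, start_time + i * step) == totp(secret_b, start_time + i * step)
        for i in range(windows)
    )


# Constructed sample enrolments (hypothetical values, not taken from any real system).
ROOT_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"             # RFC 6238 test key
OWNER_SECRET_REUSED = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"  # same key, app formatting
OWNER_SECRET_DISTINCT = "JBSWY3DPEHPK3PXP"                     # separately generated key
SAMPLE_TIME = 1557170400                                       # constructed timestamp

if __name__ == "__main__":
    for label, owner in (("reused", OWNER_SECRET_REUSED),
                         ("distinct", OWNER_SECRET_DISTINCT)):
        same = share_secret(ROOT_SECRET, owner, SAMPLE_TIME)
        print(f"{label}: root={totp(ROOT_SECRET, SAMPLE_TIME)} "
              f"owner={totp(owner, SAMPLE_TIME)} shared_secret={same}")
```

If the comparison reports a shared secret for two accounts, each account needs to be re-enrolled so that it gets its own secret.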