ENXF NET
Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
- Joined
- Nov 13, 2018
- Messages
- 20,120
- Points
- 823
Reputation:
It seems like it's best-practise to invalidate other sessions on 2FA activation/change ([1], [2]). At the moment, XenForo seems to invalidate other sessions on password change but not on 2FA activation/change.
The scenario goes like this:
Read more
Continue reading...
The scenario goes like this:
- Log in to the same account with two different browsers
- Enable 2FA in one of the logged-in sessions
- Observe that the other browser's session remains active
Read more
Continue reading...