Two-Factor Authentication Issue with standard user

I created a standard user and enbled 2FA, but when I type in the 2FA code generated by Google authenticator it sends me back to the password input field without displaying the “Invalid or missing 2FA token” message.

I have 2FA enabled for the admin account and that works fine and shows that error if the 2FA was incorrect.

I’m using Hestia v1.2.3

Strange, you have scanned the QR code and you are using this code?

Let me check if I can replicate it…

Yes, I’ve scanned the QR and I’m using the generated code.

Don’t have any issues here…

Is your device insync with the time? 2FA is a bit sensitive about time difference :slight_smile:.

I’m using the same device with the admin account and that works fine.

Cant say where a potential issue is, the scripts are the same for all users. I’ll do a check if I can reproduce the issue, when I got some free time.

I did some testing and found that when I use a complex password for the standard user for example:


It won’t login with the generated 2FA code. It just sends me back to the password input field without any error.

When I choose a simpler password like:


I can login with a generated 2FA code without an issue.

I tested this on my VPS and then a local install with the same result.

Have the same issue as “admin” user with this password…


Current issue is the double quote. Will add it to my to do list…

Issue should be solved in next release.

Great, thanks for looking into it :slight_smile:

Was the issue the " in the password?

Or actually the lack of input securing in a input field

:blush: We have now a test version available but not “advised” for a live envoirment but there is should be fixed.

1 Like