logon different path taken

[doppler]

From time to time I have re-logon my account. Nothing different about that. And for security purposes important.

My home and work computer both did the same thing, just a day or two later (re: not on same day). I logged on and was redirected.

What was the different path ? I have security keys (re: Yubico) associated with MD. And checked it's still actively enabled. The security key procedure path was not taken. At home it's the first system I have to re-logon with. When I see the security key needed. I expect my work computer to do the same thing. Didn't happen for both. Yes, it has been awhile since last password/security key logon, I would expected it presently today.

Maybe something happened ? Worth investigating.
If the security cookie for logon needs to be refreshed, I would expect the security key (Yubico) to be reset as well.

 

[tristan9]

Ah yes, we're aware. We had a small outage in our authentication system on the 20th at 0015 UTC, which caused about 50% of users to be logged out forcefully, unfortunately.

Less of a bug, and more of a limitation of our authentication management software, alas, which is oversensitive to disruptions...

As for the difference in path taken, it is always using a second factor if any is set, but the one it picks is either the last one used on the device if cookies are present, or the oldest one added if not.

 

[doppler]

Makes sense, didn't want a known problem to become a possible exploit.