Cannot access Trilium WEB : how to disable MFA ?

[Potjoe-97]

Hi,

I'm having an issue on my web trilium instance. It's installed as a docker container, running the last version.
I did have some troubles setting up TOTP MFA, and I might have misconfigured it. I want to disable it to start over, but I cannot find how to do it.
When I set docker env key TOTP_ENABLED to false or when I delete the key, the login page still asks for a TOTP. How to disable MFA in this situation ?

Thanks for your help

[eliandoran]

@Potjoe-97 , unfortunately I believe the documentation is out of date.
There was some refactoring done on the TOTP and I think the option of whether TOTP is enabled is now stored in the database.

If you are comfortable editing the database, try setting mfaEnabled to false in the options table.

@JYC333 , I believe we need to update the documentation and perhaps add some kind of safeguard to bypass the TOTP if it failed to work properly.

@Potjoe-97 , if you are using sync, the TOTP might interfere with that so perhaps the feature is not ready for production use yet.

[JYC333]

@JYC333 , I believe we need to update the documentation and perhaps add some kind of safeguard to bypass the TOTP if it failed to work properly.

Will update the docs soon.

[Potjoe-97]

try setting mfaEnabled to false in the options table.

Thank you very much, it worked, and I can access Trilium Web again.

the TOTP might interfere with that so perhaps the feature is not ready for production use yet.

I do use sync, but I think I made a mistake copy-pasting various secrets.. Anyway, a failsafe could be an improvement. Thank you for your help !

[Potjoe-97]

[SiriusXT]

@JYC333 Additionally, it's best to require the user to enter a TOTP code for verification after generating the TOTP secret. TOTP should only be enabled if the verification is successful, to ensure the user has saved the secret and that their device time is synchronized. Currently, after generating the secret, TOTP is enabled even if the page is refreshed directly, without needing to click the "OK" button.