Hi there! I use Duo Security as a 2FA single-use password generator for Cloudflare. It has worked flawlessly ever since I’ve configured it… until today I upgraded my iPhone to a more recent model. After restoring everything from the backups, and while the Duo application correctly identifies that I use it for Cloudflare, since the original configuration was tied to the older iPhone, the new one requires a new confirmation/registration.
But CloudFlare, to allow any changes/modifications of the 2FA device/system that is tied to the account, needs some extra authentication… from the original device/system used to set it up on the first place… which sort of makes sense… unless, of course, you don’t have it any more!
Other applications give alternative options to ‘reset’ the 2FA system in use, such as providing a QR code to scan, or a special sequence of numbers to reset the app used to generate the single-use code combination — or even, such as in the case of those applications using Duo Prompt (such as WordPress), you can even use the Duo Restore feature (which works like a charm in WordPress!).
But sadly Cloudflare doesn’t have any such choice on their backoffice!.. the only option is to authenticate with the existing Duo app and then remove it to set up with a new one. It doesn’t even allow changing, say, to a competitor, and back again; once that session is expired, there is no way to get back in. That’s an egg-and-chicken problem: to change the ‘Get Working’ message on the Duo app, I need to reset CloudFlare’s ‘link’ to Duo Security; but to do so, I need to have the old app on the old iPhone working (which, of course, it isn’t; the iPhone was already factory-reset and sent to another person…).
So, is there an alternative way to I ‘force’ the ‘Get Working’ message on the Duo Mobile app to actually work again with Cloudflare?
(And before you ask, yes, I’ve also asked the very same question on Duo’s own Discourse boards — before I get pushed and bumped from one board to the other i.e. ‘That’s a Duo issue, talk to them’ vs ‘That’s a Cloudflare issue, talk to them’)