Someone on Reddit figured out this particular ID is used by Gmail on Android. (This does not answer the question of how to find out more about any such ID in general; I’m not sure there is a way, as there’s nothing about this one in the cloud console either.)

For anyone else stumbling across this thread when googling for this annoying problem: the issue here is that using special characters in your password on the DataSource line is broken: Can’t use special character in password in the DataSource property · Issue #1541 · mattermost/mattermost · GitHub

As stupid as that is, the easiest way to work around it is to set a password consisting of just alphanumeric characters. You shouldn’t have much use for it outside this anyway, so as not to make it ridiculously insecure.

Summary

After setting up multi-factor authentication, losing the authentication code-generating device means losing access to the Mattermost account. While having MFA is excellent, I’m afraid to set it up for my admin user account (which is the one most critically needing it), because there’s no recovery mechanism in case I lose my authenticator device.

Steps to reproduce

1. Enable up multi-factor authentication in the System Console
2. Configure 2FA with an authenticator app on your phone
3. Break/lose/have your phone stolen
4. Try to log in

Expected behavior

Have a ”use a backup code instead” link next to the MFA token prompt.

Observed behavior (that appears unintentional)

There’s no alternative way to provide the MFA. You can not log in.

Possible fixes

None available AFAICT. There’s no way to add security keys as alternatives either.

There’s an existing Jira ticket ticket about this (and it’s linked to an abandoned PR), but it’s closed as ”moved to ProductBoard for prioritization”, and I don’t know what’s happened since then, as I don’t have access to ProductBoard (that I know of).

Mattermost version

v5.34.2

@stokito The client (nor the access point) never send the password; see this answer (and Wikipedia).