Title: False Invalid Password Error Last modified: February 13, 2018 --- # False Invalid Password Error * Resolved [Dane Morgan](https://wordpress.org/support/users/danemorgan/) * (@danemorgan) * [8 years, 3 months ago](https://wordpress.org/support/topic/false-invalid-password-error/) * I have this installed and set up on Six sites for one of my clients. * All six of the staff members are set up and working except for one member on one site. * For some reason, on this one site for this one person, when we activate TFA, he is rejected after entering his OTP with a password is incorrect for username error. * However, when I then deactivate TFA for his account he can log in with his password with no problem. * It isn’t a case of mistyping, because he, like all of this team, uses LastPass, and it always works without TFA and always fails with TFA. * And he is successfully using TFA on all five of the other sites the team owns. * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Ffalse-invalid-password-error%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Author [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/) * (@davidanderson) * [8 years, 3 months ago](https://wordpress.org/support/topic/false-invalid-password-error/#post-9970171) * Hi Dane, * What happens if he tries it in a browser which does *not* have LastPass installed? * (We have seen cases in which, after exhaustive testing, we found that LastPass is wrongly modifying what is being sent, which surprises everyone, but it can be demonstrated using the browser inspector tools). * David * Thread Starter [Dane Morgan](https://wordpress.org/support/users/danemorgan/) * (@danemorgan) * [8 years, 3 months ago](https://wordpress.org/support/topic/false-invalid-password-error/#post-9979845) * Same result when I had him use a browser that does not have the LastPass extension. I also asked him to change his password and try again and w got the same result. * And the odd thing is that he is having no problem on five other websites that all have the same theme and plugin set. - This reply was modified 8 years, 3 months ago by [Dane Morgan](https://wordpress.org/support/users/danemorgan/). Reason: Additional information * Plugin Author [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/) * (@davidanderson) * [8 years, 3 months ago](https://wordpress.org/support/topic/false-invalid-password-error/#post-9979854) * Hi Dane, * If you use your browser’s developer tools to inspect what’s actually in the POST data that is sent when logging in with the right, but rejected, password, then does it show the expected password? * David * Thread Starter [Dane Morgan](https://wordpress.org/support/users/danemorgan/) * (@danemorgan) * [8 years, 3 months ago](https://wordpress.org/support/topic/false-invalid-password-error/#post-9981907) * I’m six or seven states away from the user with the issue. Incidentally, I scanned his code and logged in as him without error. * We already tried logging in from a browser that does not have LastPass installed, and this is all working on five other identical sites. * Do you think trying a different authenticator like Authy or deleting and recreating his account on the site would have any effect? * Plugin Author [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/) * (@davidanderson) * [8 years, 3 months ago](https://wordpress.org/support/topic/false-invalid-password-error/#post-9982416) * Hi Dane, * > . Incidentally, I scanned his code and logged in as him without error. * You’re saying that it works for you on your computer, using the correct password, but not for him on his computer? In that case, you definitely want to tell him to open the Developer Tools in his browser so that he can confirm what password the browser sends to the site. Though you’d assume that this will be identical to what he typed in, this is not necessarily so (we’ve seen cases). * > Do you think trying a different authenticator like Authy or deleting and recreating > his account on the site would have any effect? * There is only one correct numeric code in every 30 second window, and so every authenticator will either be generating the same code, or be generating an unacceptable code. * Whether re-creating the user account might make any difference, would depend on the cause. I couldn’t say either way on the present info. Getting him to deploy his browser’s network inspector, as mentioned above, is the thing to do, to get more data on what’s going on. * David * Thread Starter [Dane Morgan](https://wordpress.org/support/users/danemorgan/) * (@danemorgan) * [8 years, 3 months ago](https://wordpress.org/support/topic/false-invalid-password-error/#post-9983842) * Okay, I walked him through getting the info from the network inspector that he is typing in and what the _POST variable is carrying over are *different* strings. * When I deactivate the TFA plugin for his account and he logs in, it posts the password correctly. - This reply was modified 8 years, 3 months ago by [Dane Morgan](https://wordpress.org/support/users/danemorgan/). * Plugin Author [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/) * (@davidanderson) * [8 years, 3 months ago](https://wordpress.org/support/topic/false-invalid-password-error/#post-9984800) * Hi Dane, * This indicates that there is something in the browser – if not LastPass, then something else – that is changing the password field after the login process has begun showing the ‘TFA code’ request. (All elements – i.e. username, password, TFA code are submitted together – they’re all still in the browser until the final submission). LastPass is one extension that does this, but it would seem that you’ve found another. You could use a process of elimination to find out.( i.e. Confirm the diagnosis by using a device that has *never* logged into the account, in ‘private’ mode with no extensions loaded… and then work from there with a process of elimination). * David Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘False Invalid Password Error’ is closed to new replies. * ![](https://ps.w.org/two-factor-authentication/assets/icon-256x256.png?rev=1116775) * [Two Factor Authentication](https://wordpress.org/plugins/two-factor-authentication/) * [Frequently Asked Questions](https://wordpress.org/plugins/two-factor-authentication/#faq) * [Support Threads](https://wordpress.org/support/plugin/two-factor-authentication/) * [Active Topics](https://wordpress.org/support/plugin/two-factor-authentication/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/two-factor-authentication/unresolved/) * [Reviews](https://wordpress.org/support/plugin/two-factor-authentication/reviews/) ## Tags * [OTP](https://wordpress.org/support/topic-tag/otp/) * [password](https://wordpress.org/support/topic-tag/password/) * 7 replies * 2 participants * Last reply from: [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/) * Last activity: [8 years, 3 months ago](https://wordpress.org/support/topic/false-invalid-password-error/#post-9984800) * Status: resolved