Slack Mobile Problems After Enabling 2FA

Two Factor Authentication (2FA) is an important part of ensuring account security. This typically involves linking your account to a mobile authenticator app, and after logging in via a normal username and password, adding a time-limited code from the app. It's increasingly-common to see online services require this secondary level of security, particularly from users with admin access or heightened privileges in an app.

Slack have offered this feature for a while, and recently announced a mandate for all admin users to have this in place before the end of February 2024. However, after enabling this on my account, a fun bug occurred - the mobile app signed me out of my workspace, and refused to re-add me. Fixing this involved jumping through a few hoops, documented below.

Logged out

After enabling 2FA on the desktop, when I opened the app I noticed I was signed out of my Square1 workspace. Fair enough - adding 2FA usually involves a re-authentication, so this pattern makes sense. Within Slack, I go to my workspaces list, and see my Square1 one there. Slack still recognises that I'm a member of this workspace, so I press "Add" to presumably authenticate again.

Signed out of workspace, stuck in a loop!
Signed out of workspace, stuck in a loop!

Problem. Pressing "Add" causes a "Sorry, something went wrong, please try again" error. Restarting the app and even restarting the phone made no difference - it looks like there's some weird state my account was in where Slack wouldn't even attempt to add the workspace. During this time, my desktop login was still fine, it's just the mobile device where it wouldn't work. Probably a good thing for my work-life balance and desire for a quiet life! But something to get fixed all the same.

The Fix

The workaround is a little non-obvious, with a few hoops to jump through.

First, go to the workspaces list, and click the "i" beside your email address. This will show that your email address has been verified on this device. Click "Revoke email confirmation".

Revoke confirmation for the mobile device
Revoke confirmation for the mobile device

After that is done, in the same workspace view, you'll see a prompt to verify your email address. Click it, and an email will arrive in a matter of moments.

Re-confirm your email address on the mobile device
Re-confirm your email address on the mobile device

Clicking that link will re-open the app, showing a list of the workspaces you have available to add. Something about this process seems to reset the slack authentication state, so now when I click the Square1 workspace, I get prompted to authenticate, using my 2FA app.

Select workspace, then re-authenticate
Select workspace, then re-authenticate

Once I enter the auth code, I'm back in, and all is well. Whatever weird login state I got stuck in is resolved, and normal service is resumed!


CyberWiseCon 2025 Speaker

CyberWiseCon 2025

In May 2025, I'll be giving a talk at CyberWiseCon 2025 in Vilnius, Lithuania. From selling 10 Downing St, to moving the Eiffel Tower to Dublin, this talk covers real-world examples of unconventional ways to stop scrapers, phishers, and content thieves. You'll gain practical insights to protect assets, outsmart bad actors, and avoid the mistakes we made along the way!

Get your ticket now and I'll see you there!


Share This Article

Related Articles


Lazy loading background images to improve load time performance

Lazy loading of images helps to radically speed up initial page load. Rich site designs often call for background images, which can't be lazily loaded in the same way. How can we keep our designs, while optimising for a fast initial load?

Using Google Sheets as a RESTful JSON API

Save time by not building backends for simple CRUD apps. Use Google Sheets as both a free backend and JSON API endpoint!

Serverless caching and proxying with Cloudflare Workers

Using Cloudflare Workers we can quickly build an effective API proxy, without spinning up any additional hardware. Whether its needing a CORS proxy, speeding up slow APIs via caching, or rate limit management on stingy APIs, this serverless tech is as easy to set up as it is powerful.

Idempotency - what is it, and how can it help our Laravel APIs?

Idempotency is a critical concept to be aware of when building robust APIs, and is baked into the SDKs of companies like Stripe, Paypal, Shopify, and Amazon. But what exactly is idempotency? And how can we easily add support for it to our Laravel APIs?

Calculating rolling averages with Laravel Collections

Rolling averages are perfect for smoothing out time-series data, helping you to gain insight from noisy graphs and tables. This new package adds first-class support to Laravel Collections for rolling average calculation.

More