2026-02-24

Change in Email Two-Factor Authentication Behavior When Email Cannot Be Sent

Previously, when Email/SMS could not be sent due to a backend issue during email two-factor authentication, login was allowed without requiring the authentication code.

To improve security, this behavior has been changed so that login will fail by default when Email/SMS sending fails.

What Changed

When Email/SMS cannot be sent during email two-factor authentication, login will now fail.
Previously, login was allowed without the authentication code even when sending failed.

If You Want to Maintain the Previous Behavior

If you want to allow login when Email/SMS cannot be sent (e.g., when the registered phone number is not domestic), please add the following setting to the Constants page.

Name: REJECT_MFA_LOGIN_IF_SEND_FAILED
Value: 0

Planned Date for Implementation

Stable: Mid-April, 2026

About Kuroco Version Management

Contact

If you have any further questions regarding this matter, please feel free to contact Kuroco Support.

Support

Support

If you have any other questions, please contact us or check out Our Slack Community.

Contact form

Join Kuroco Slack community

Change in Email Two-Factor Authentication Behavior When Email Cannot Be Sent​

What Changed​

If You Want to Maintain the Previous Behavior​

Planned Date for Implementation​

Contact​