OK. I've reproduced this issue and resolved it several times and taken screenshots all the way.
It's very easy to reproduce using a default installation of Firefox on Windows.
This post is a rant with instructions on how Intuit can break their own system and witness the pain of their poor users. For end users, skip to my next post with detailed instructions on how to fix it.
How on Earth Intuit haven't picked this up in three years and fixed it is nothing short of astounding.
If anyone on this forum has access to the development team, please alert them.
It's annoyed the hell out of me for years and after breaking it again on purpose today, I can see why. I was using the discontinued Windows App for years to workaround this very obvious, very easy to reproduce bug. Yes, it's a bug, clear and simple. It's caused by the default Enhanced Tracking Protection built into Firefox.
Unfortunately, once you're in the never ending loop of 2FA insanity, turning Enhanced Tracking Protection off doesn't fix it. Nor does deleting all Intuit cookies.
My guess is a security token is created on the server associated with your account but the local token is missing due to the tracking protection. Switching 2FA on and off doesn't trigger this local token to be created but changing the type of 2FA does trigger the token to be created locally.
To reproduce this issue for the Intuit testers,
- Enable 2FA on a working account
- Logout
- Delete all Intuit cookies
- Turn on enhanced tracking protection in Firefox
- Login
- Turn off 2FA
- Logout
From here, you'll always be prompted for the Google captcha and the 2FA code from your phone. Nothing will resolve this until you change your method of 2FA with Enhanced Tracking Protection turned off.
