Comment 1 for bug 1041125

Thanks for reporting this. Staging and production 2-factor was recently decoupled and you seem to have found a few glitches that we missed :(

> I was prompted for a 2FA password. I entered the password from my GAuth app, but it didn't work.

This is because, although we removed all 2-factor devices on staging, we didn't update the "always require" setting. It doesn't seem to prevent altering devices but we should probably update it globally anyway, to avoid further confusion.

> I was able to add a device, but when I did, the barcode wouldn't scan and it asked me to enter with the same account name
> (<email address hidden>). When I entered the account & AES key, it overwrote my production account on GAuth.

We should have a difference name on staging. The setting "twofactor.twofactor_service_ident" has a default of "UbuntuSSO". We should over-ride this in the staging config to something like "UbuntuSSOStaging" or similar.