Backup Codes (Improve 8 to 12 numbers)

[JohnPlanetary]

It would be nice to improve the "Backup Codes" option from 8 numbers to 12 numbers.

Example: 97997695 > 520184887438

These should probably mean than in a online attack scenario (assuming one thousand guesses per second) it should jump from 1.29 days for 8 numbers, to 35.33 years for the 12 numbers.

I think everyone would feel a little less concern with random online guessing with these small improvement.

For human usability maybe use dashes between numbers: 520184887438 would look: 5201-8488-7438

[My1]

I'd use spaces rather than dashes but making them more readable is a very nice idea.

These should probably mean than in a online attack scenario (assuming one thousand guesses per second)

ratelimiting might be useful here.

but 12 numbers are defintiely not a bad idea.

[iandunn]

#477 / #482 is another approach to solve this problem. It seems better to me, since it detects and fixes the huge problem of the password being compromised.

[jeffpaul]

Perhaps a similar approach like in #419 where we introduce a filter for someone to enable this but otherwise have the default stay as 8?