Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backup Codes (Improve 8 to 12 numbers) #374

Open
JohnPlanetary opened this issue Jul 7, 2020 · 3 comments · May be fixed by #653
Open

Backup Codes (Improve 8 to 12 numbers) #374

JohnPlanetary opened this issue Jul 7, 2020 · 3 comments · May be fixed by #653
Labels
Backup Codes
Milestone
0.11.0

Comments

@JohnPlanetary
Copy link

It would be nice to improve the "Backup Codes" option from 8 numbers to 12 numbers.

Example: 97997695 > 520184887438

These should probably mean than in a online attack scenario (assuming one thousand guesses per second) it should jump from 1.29 days for 8 numbers, to 35.33 years for the 12 numbers.

I think everyone would feel a little less concern with random online guessing with these small improvement.

For human usability maybe use dashes between numbers: 520184887438 would look: 5201-8488-7438
@My1
Copy link

My1 commented Aug 1, 2020

I'd use spaces rather than dashes but making them more readable is a very nice idea.

These should probably mean than in a online attack scenario (assuming one thousand guesses per second)

ratelimiting might be useful here.

but 12 numbers are defintiely not a bad idea.

@iandunn
Copy link
Member

iandunn commented Oct 19, 2022

#477 / #482 is another approach to solve this problem. It seems better to me, since it detects and fixes the huge problem of the password being compromised.

@jeffpaul
Copy link
Member

Perhaps a similar approach like in #419 where we introduce a filter for someone to enable this but otherwise have the default stay as 8?

@jeffpaul jeffpaul added this to the Future Release milestone Sep 17, 2024
@kasparsd kasparsd linked a pull request Dec 2, 2024 that will close this issue
Open
@jeffpaul jeffpaul modified the milestones: Future Release, 0.11.0 Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Backup Codes
Projects
None yet
Milestone
0.11.0
Development

Successfully merging a pull request may close this issue.

Add filters for email token and backup code length WordPress/two-factor
5 participants
@kasparsd @iandunn @jeffpaul @My1 @JohnPlanetary