Encourage setting up a recovery factor #485

Open
iandunn opened this issue Oct 20, 2022 · 1 comment · May be fixed by #642

Comments

@iandunn
Member

iandunn commented Oct 20, 2022

Ideally users should set up two factors, one as a primary and one as a backup, e.g., WebAuthn as the primary and TOTP as the backup, or TOTP as the primary and Backup Codes as the backup.

Otherwise, they could get locked out of their account. On smaller sites an admin could reset them, but that's not practical on larger sites, or sites where the admin doesn't personally know the user.

Rough idea:

[Image: Screen Shot 2022-10-20 at 9 39 20 AM]

@kasparsd
Collaborator

I really think this is a major step in ensuring that users configure their two-factors in a way that reduces their risk of being locked out of accounts. I'll work on a quick prototype for this.

@kasparsd kasparsd linked a pull request Sep 19, 2024 that will close this issue
@jeffpaul jeffpaul modified the milestones: Future Release, 0.10.0 Sep 19, 2024