Show a notice on login when the user has no recovery codes recorded, is running low, or has logged in with a recovery code. #358
! $used_recovery_code && | ||
( | ||
// They have ample codes available.. | ||
$codes_available > 3 || |
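Review bot: the literal 3 in `$codes_available > 3` is an unexplained magic number, and the comment above it ("They have ample codes available..") does not say why that value counts as ample. Consider a named constant for the low-code threshold, plus a comment stating the boundary: with `> 3`, a user holding exactly 3 codes is no longer treated as having ample codes.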
$codes_available > 3 || | |
$codes_available > 5 || |
This should be 5 to match the 2FA interface.
I'm tempted to leave this at 3 despite the settings UI switching to a warning at 5; it makes sense that we'd nag on login later than we'd nag at them just casually browsing the settings UI.
Mind you, having used more than 50% of your codes is probably a sign you use them fairly often..
wordpress.org/public_html/wp-content/themes/pub/wporg-login/recovery-codes.php
This looks good. Our interface uses "Backup Codes" as opposed to "Recovery codes". We should remain consistent.
Co-authored-by: Steven Dufresne <steve.dufresne@automattic.com>
I was thinking the same thing. We should probably standardise on Recovery Codes, as that's what we show on the Login page after the upstream rename WordPress/two-factor#521
…ne are saved or the user is running really low on them.

This will hopefully reduce the number of users who become locked out of their account after losing their authentication key / device / etc.

Merges #358
Fixes WordPress/wporg-two-factor#279
See WordPress/wporg-two-factor#300, WordPress/wporg-two-factor#275

git-svn-id: https://meta.svn.wordpress.org/sites/trunk@13982 74240141-8908-4e6f-9713-ba540dce6ec7
See WordPress/wporg-two-factor#279
This PR shows the following notice when logging in with a recovery code, or when running low on recovery codes.
In the first case, the "I'll do this later" only shows if the user has at least one more recovery code on the account. I'm not against removing the bypass link entirely though.

I realise that the 2nd and 3rd have a bad orphan, I need some text inspiration :)