Backup Codes: When used, the user should be forced to their 2FA settings #279

Closed
dd32 opened this issue Jul 4, 2024 · 1 comment
dd32 commented Jul 4, 2024

When a user logs in with a backup code / recovery code, it should be assumed that this is a case where they've lost their 2FA details.

We should override the redirection location to be their 2FA settings.

dd32 commented Aug 8, 2024

Thinking this through; there are three different cases related to backup codes, each with a slightly different interstitial / redirect case

  1. Logged in with a backup code - Do you need to set up a new 2FA provider? Or do you just not have your keys with you right now?
  2. Logged in normally; but now has a few (3?) backup codes remaining - Do you need to download/store new backup codes?
  3. Logged in normally; but doesn't have any verified backup codes - Nag, Hey did you download/store those? Go generate new ones plz

2&3 are probably one and the same really, and should be a priority to reduce nuisance account lock-out issues before #9
1 is likely far less urgent, and could potentially be irrelevant depending on how #9 is resolved.
