Setup recovery process #9

Open
iandunn opened this issue Nov 3, 2022 · 3 comments
@iandunn
Member

iandunn commented Nov 3, 2022

Folks will sometimes get locked out when they lose their phone etc. Resetting a 2nd factor would ideally be independent of resetting the password, but for low-access accounts email might be better than nothing.

For high-privilege accounts, verification over video conference might be a secure option.

Maybe we require having 2 methods enabled, to reduce support requests.
Related WordPress/two-factor#485

@iandunn iandunn added this to the Iteration 1 milestone Nov 3, 2022
@iandunn
Member Author

iandunn commented Nov 3, 2022

We could ask during 2FA signup that folks provide the w.org username of 2 people that can vouch for them. If they ask for recovery, we could contact those folks, ask them to confirm the original user in person or video chat, and then reply back to us. That whole process could be automated.

That’s assuming the other accounts aren’t also compromised, though. We’d also need to periodically email folks to make sure it’s still current.

For privileged accounts we’d probably still want to do it manually.

@StevenDufresne StevenDufresne removed this from the Iteration 1 milestone Jun 1, 2023
@iandunn iandunn added this to the Iteration 2 milestone Sep 13, 2023
@iandunn iandunn modified the milestones: Iteration 2, Iteration 1 Nov 17, 2023
@iandunn
Member Author

iandunn commented Nov 17, 2023

We've already had the first example of the need for this:

https://wordpress.slack.com/archives/C08M59V3P/p1700078774860549

@dd32
Member

dd32 commented Jul 31, 2024

upstream issue: WordPress/two-factor#621
