Event Timeline
Comment Actions
Description of the Github flow: https://help.github.com/articles/configuring-two-factor-authentication-via-a-totp-mobile-app/
Description of the Google flow: https://www.authy.com/tutorials/enable-2-step-verification-gmail/
Comment Actions
I'd like we invest time for that. Currently, we're asking users to setup 2FA, and they do stupid stuff like wipe their phone.
I've just tested the GitHub flow, I got three strong hints I need to backup the codes: 1. web / setup 2 factor 2. web / immediately after 3. mail. It also offers SMS alternative, but this part is perhaps less important than secure the scratch codes, and SMS can't be considered as highly trustable,