Maniphest T150601

Add option to generate new set of recovery codes
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	TheDJ
	Nov 13 2016, 9:46 AM

Tags

Referenced Files

	F65750465: image.png
	Aug 14 2025, 9:29 AM

	F65746189: image.png
	Aug 13 2025, 5:19 AM

Subscribers

AfroThundr3007730

View All 18 Subscribers

Description

There should be an option to generate a new set of scratch codes. Either for when you reach your last two valid ones, or in case you actually have lost your set of scratchcodes.

Rather than having to fully disable 2FA and re-enable it.

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open		None	T125653 Create new types of notifications
		Open		None	T100375 Improve user experience of Two-Factor process
		Open		None	T352856 Recovery code improvements
		Resolved		None	T166622 Allow all users on all wikis to use OATHAuth
		Resolved		Reedy	T131788 Users should be notified when only two recovery codes are left
		Duplicate		None	T399651 Separate recovery codes into a separate module
		Resolved		sbassett	T150601 Add option to generate new set of recovery codes
		Resolved		sbassett	T232336 Separate recovery codes into a separate 2FA module
		Resolved		taavi	T242031 Allow multiple different 2FA devices
		Resolved		Reedy	T268564 Convert OATHAuth to AbstractSchema
		Resolved		taavi	T330502 Create oathauth_types and oathauth_devices tables
		Resolved		Marostegui	T348693 Drop oathauth_users table from production
		Resolved		sbassett	T145915 OATHAuth OTP shouldn't be stored in cleartext in the DB

Event Timeline

TheDJ created this task.Nov 13 2016, 9:46 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 13 2016, 9:46 AM

TheDJ added a parent task: T131788: Users should be notified when only two recovery codes are left.Nov 13 2016, 9:47 AM

Thibaut120094 subscribed.Nov 13 2016, 1:53 PM

Xaosflux subscribed.Nov 13 2016, 4:53 PM

Pmlineditor subscribed.Nov 14 2016, 5:58 AM

Tgr edited projects, added MediaWiki-extensions-OATHAuth; removed MediaWiki-extensions-OAuth.Jan 10 2017, 8:09 PM

TheDJ mentioned this in T168064: Possible issue with 2FA tokens.Jun 16 2017, 2:03 PM

Framawiki subscribed.Jun 16 2017, 4:30 PM

Reedy mentioned this in T172079: Allow OATHAuth users with 2FA already enabled to add / switch devices without disabling.Sep 1 2017, 3:34 PM

deryckchan subscribed.Sep 4 2017, 1:51 PM

Omshivaprakash subscribed.Sep 5 2017, 8:40 PM

mxn subscribed.Nov 6 2017, 6:26 AM

Lars.Dormans awarded a token.Mar 11 2018, 8:19 PM

Tgr mentioned this in T166622: Allow all users on all wikis to use OATHAuth.Dec 6 2018, 8:22 AM

Tgr mentioned this in T150898: Force OATHAuth (2FA) for certain user groups in Wikimedia production and Beta wikis.

MGChecker subscribed.Dec 6 2018, 6:21 PM

AfroThundr3007730 subscribed.Dec 7 2018, 2:22 AM

Tgr added a parent task: T166622: Allow all users on all wikis to use OATHAuth.Dec 10 2018, 7:07 AM

Reedy moved this task from Backlog to User Experience on the MediaWiki-extensions-OATHAuth board.Jul 5 2019, 10:00 PM

Reedy mentioned this in T232336: Separate recovery codes into a separate 2FA module.Sep 9 2019, 4:33 PM

jeblad subscribed.May 23 2020, 12:04 PM

Legoktm added a subtask: T232336: Separate recovery codes into a separate 2FA module.Feb 18 2022, 10:00 AM

Logicer subscribed.Jul 5 2022, 5:53 AM

Dringsim subscribed.Sep 24 2023, 1:03 PM

Reedy added a parent task: T352856: Recovery code improvements.Dec 6 2023, 12:44 PM

Reedy mentioned this in T354030: Allow viewing recovery codes again?.Dec 26 2023, 9:43 PM

Reedy renamed this task from Add option to generate new set of scratch codes to Add option to generate new set of recovery codes.Jan 1 2024, 8:52 PM

Reedy updated the task description. (Show Details)

Reedy triaged this task as High priority.Jan 13 2024, 3:19 PM

jeremyb subscribed.May 4 2025, 12:15 PM

sbassett mentioned this in T399959: Assess and review existing tasks and patches related to supporting WE 4.6.2 2fa Multiple Authenticators work.Jul 18 2025, 2:19 PM

sbassett added a parent task: T399651: Separate recovery codes into a separate module.Jul 22 2025, 5:26 PM

Catrope added a project: FY2025-26 WE4.6.2 Multiple Authenticators.Jul 27 2025, 6:11 PM

Tgr reopened subtask T232336: Separate recovery codes into a separate 2FA module as Open.Jul 31 2025, 4:49 PM

Tgr mentioned this in T399664: Expand 2FA Opt-In Privileges.Aug 1 2025, 9:25 AM

UI design by @AAlhazwani-WMF (for more context on the proposed UI refresh for 2FA, see T401771 and T401774):

image.png (881×433 px, 69 KB)

ReaperDawn subscribed.Aug 13 2025, 10:46 PM

@Catrope i've realized the the full flow was missing in figma, so i've created a new section under the 'user stories' page, here's the direct link https://www.figma.com/design/ll2DMOlp80iy7wYCk44dxT/Multiple-Authenticators?node-id=4305-7374&t=NrkuFI0ZQaicGjZy-1 to the section in question.

image.png (1×3 px, 622 KB)

Catrope assigned this task to sbassett.Oct 2 2025, 3:50 AM

Catrope moved this task from Backlog to In Progress on the FY2025-26 WE4.6.2 Multiple Authenticators board.

Catrope mentioned this in T406280: Warn users before they generate a new recovery code.Oct 2 2025, 11:26 PM

sbassett closed subtask T232336: Separate recovery codes into a separate 2FA module as Resolved.Oct 3 2025, 8:39 PM

Marking as resolved with the completion of T232336. There are some small UI tweak that are tracked in separate bugs for the continuing FY2025-26 WE 4.6 - Account Security (WE 4.6.4 - 2FA improvements and passkey support).