As per T199118, it would be nice if the number of safety codes provided could be expanded from the default 5 to something like 10 or so like what Google provides.
Additionally, it would be preferable if there was a way for the user to find out how many (and which if possible) codes are left.
Additionally, it would be preferable if there was a way for the user to find out how many (and which if possible) codes are left.
How many has some use, but it's limited. Showing them again is a grey area
Looks like we should be able to do more scratch tokens without changing the field length (lots of spare space atm)
Change 479356 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/extensions/OATHAuth@master] Give 10 users 10 scratch tokens
Showing them again is not even "grey" area to me; it is an absolute no. The other two things are reasonable though.
Some sites do it. Some don't. I haven't seen (or looked too hard) to see what the best practices say
T131788: Users should be notified when only two scratch tokens are left is partially that part of it. I'm not sure how/where we should potentially display this number
I think T131788 should create Notifications which can be displayed in wiki and/or sent to email (like any other notification).
As for the current task, I think it should be shown in Special:Preferences in the same line in which the 2FA button is currently located.
10 should be good I guess. GitHub for example offered me 16 IIRC. But I agree 5 are too few when we require two in some cases. Thanks.
Change 479356 merged by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Give users 10 scratch tokens