With WebAuthn approaching, it might be worth separating the Recovery codes from OATHAuth into a separate MFA authentication module and detaching it from the TOTP method, as WebAuthn does not have a recovery method of its own.
See also: T218214#5474912
Status | Subtype | Assigned | Task
---|---|---|---
Open | | None | T100375 Improve user experience of Two-Factor process
Open | | None | T125653 Create new types of notifications
Open | | None | T166622 Allow all users on all wikis to use OATHAuth
Open | | None | T131788 Users should be notified when only two scratch tokens are left
Open | | None | T150601 Add option to generate new set of scratch codes
Open | | None | T232336 Separate recovery codes into a separate MFA method
Open | | taavi | T242031 Allow multiple different 2FA devices
Resolved | | Reedy | T268564 Convert OATHAuth to AbstractSchema
I think then having this "backup/recovery code" module to be enabled if one (or more) MFA methods are enabled... Makes complete sense
This might make T150601: Add option to generate new set of scratch codes easier too
One problem, the current database structure only allows one set of 2fa credentials per user.... :(
id int(11) PK
where id is user_id
I do wonder if we can drop the module column, and just have that as part of the data....