
Separate recovery codes into a separate MFA method
Open, Needs Triage, Public

Description

We should separate the recovery codes from OATHAuth into a separate MFA authentication module and detach it from the TOTP method, as WebAuthn does not have a (self) recovery method of its own.

See also: T218214#5474912

Event Timeline

I think then having this "backup/recovery code" module be enabled if one (or more) MFA methods are enabled... Makes complete sense

This might make T150601: Add option to generate new set of recovery codes easier too

One problem, the current database structure only allows one set of 2fa credentials per user.... :(

id int(11) PK

where id is user_id

We have a decent size blob we can use though...

> One problem, the current database structure only allows one set of 2fa credentials per user.... :(
>
> id int(11) PK
>
> where id is user_id

I do wonder if we can drop the module column, and just have that as part of the data....

Reedy renamed this task from Separate recovery codes into a separate MFA method to Separate scratch/recovery codes into a separate MFA method. Dec 6 2023, 12:39 PM
Reedy renamed this task from Separate scratch/recovery codes into a separate MFA method to Separate recovery codes into a separate MFA method. Jan 1 2024, 8:54 PM
Reedy updated the task description.