| Reedy | |
| Dec 26 2023, 9:43 PM |
| F41634173: Screenshot 2023-12-26 at 22.25.51.png | |
| Dec 26 2023, 10:27 PM |
It seems to be getting more common these days that sites will let users view their recovery codes again, rather than just generating new ones (as we want to do in T150601: Add option to generate new set of recovery codes; and we should still do, even if we implement this task).
Does this make sense for us?
Also, when you do view them, you get a notification (at least via email) that they have been viewed... Which is kinda nice
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | None | T100375 Improve user experience of Two-Factor process | |||
| Open | None | T352856 Recovery code improvements | |||
| Open | None | T354030 Allow viewing recovery codes again? |
This would prevent the recovery-codes part of T145915: OATHAuth OTP shouldn't be stored in cleartext in the DB.
Well, more specifically, it would prevent storing recovery codes via one-way hashes. Encrypting them would still be a meaningful security improvement.
In my opinion, if we can regenerate recovery codes only with one click, we don't need the option to view existing recovery codes. I think the risk of storing recovery codes in a recoverable format (I mean not using hash function) is much more bigger than the benefit.
Related to T408759: we are now displaying recovery codes again, but not in a way that everyone expects.