Show enabled 2FA details on Special:AccountSecurity
Closed, ResolvedPublic

Description

User Story:

As a user, I can navigate to Special:AccountSecurity (and aliases) and easily view all of my current, enabled 2fa authenticators and various information (T403666: Display creation timestamp of each key on Special:AccountSecurity, others TBD) about them.

Event Timeline

Mstyles renamed this task from As a user, I can navigate to Special:OATH (and aliases) and easily view all of my current, enabled 2fa authenticators and various information (TBD) about them. to Show enabled 2FA details on Special:OATH. Jul 22 2025, 8:54 PM

Currently the only information we show about WebAuthn keys is a user-provided nickname. For TOTP keys we have no information whatsoever (not a problem in the current UI where there can only be one TOTP key, but once we do T230042: Allow multiple TOTP devices and have multiple, this might become problematic).

For backup codes, I imagine we won't allow setting up multiple, from the database point of view (from the user's POV they come in batches of ten already) so there is no other information needed than maybe the number of remaining codes. Even if we wanted a "give me 10 more codes" functionality, we'd probably just add that to the existing set of codes and still keep everything in a single DB row.

> For backup codes, I imagine we won't allow setting up multiple, from the database point of view (from the user's POV they come in batches of ten already) so there is no other information needed than maybe the number of remaining codes. Even if we wanted a "give me 10 more codes" functionality, we'd probably just add that to the existing set of codes and still keep everything in a single DB row.

For now, I think we've landed on having a single backup code that regenerates upon each successful usage. But we'll have to be able to support the existing recovery code workflow alongside that for some transitional period of time.

Reedy renamed this task from Show enabled 2FA details on Special:OATH to Show enabled 2FA details on Special:AccountSecurity. Sep 16 2025, 11:43 PM
Reedy updated the task description.
Reedy updated the task description.
sbassett changed the task status from Open to In Progress. Sep 19 2025, 10:12 PM
sbassett claimed this task.
sbassett triaged this task as Medium priority.

Per the related task T399647 and notes from T399647#11198563, I believe the majority of the work for this general task has been completed. I'll plan to resolve this once the relevant change sets for T232336 are all merged.

Marking as resolved with the completion of T232336. There are some small UI tweaks that are tracked in separate bugs for the continuing FY2025-26 WE 4.6 - Account Security (WE 4.6.4 - 2FA improvements and passkey support).