Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add button to explicitly generate backup codes #250

Closed
iandunn opened this issue Sep 15, 2023 · 0 comments · Fixed by #296
Closed

Add button to explicitly generate backup codes #250

iandunn opened this issue Sep 15, 2023 · 0 comments · Fixed by #296
Assignees
@adamwoodnz

Comments

@iandunn
Copy link
Member

iandunn commented Sep 15, 2023
edited
Loading

If you visit the Backup Codes screen for the first time, the codes are generated automatically, even if the user doesn't intend to (they may just be exploring the feature, and not ready to permanently save the codes, etc). That worsens the effects of WordPress/two-factor#507.

We could add a button as the first step, so we at least know the user intends to generate codes (if not save them). It seems like a bad practice to take an action that modifies their account without an explicit direction.

We could provide a way to disable backup codes so they can undo an accidental generation, but it's important to have them to prevent getting locked out of their account. If we do that, we should probably disable all 2FA providers, and make it very clear to them that we've done that and they'll need to set it up again.

Related #256
@iandunn iandunn added this to the Iteration 2 milestone Sep 15, 2023
@iandunn iandunn changed the title Add button to generate backup codes Add button to explicitly generate backup codes Sep 20, 2023
@iandunn iandunn mentioned this issue Sep 20, 2023
Open
@StevenDufresne StevenDufresne removed this from the Iteration 2 milestone Jul 19, 2024
@adamwoodnz adamwoodnz self-assigned this Aug 13, 2024
@adamwoodnz adamwoodnz mentioned this issue Aug 14, 2024
Merged
@github-project-automation github-project-automation bot moved this from In Progress to Done in @adamwoodnz's WIP Sep 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adamwoodnz adamwoodnz

Labels
None yet
Projects
@adamwoodnz's WIP
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Only create backup codes when user initiated WordPress/wporg-two-factor
3 participants
@iandunn @adamwoodnz @StevenDufresne