search

FilenCloudDienste / filen-drive-legacy

Web drive for filen.io
https://drive.filen.io
GNU Affero General Public License v3.0
3 stars 1 forks source link

2FA recovery key #93

Closed maikella closed 1 year ago

maikella commented 1 year ago

I could be very wrong, but the recovery key that is given right after activating 2FA is never asked for!

Screenshot from 2023-07-16 12-09-29

I did a test as if I didn't have 2FA at hand; after entering the password, a box appears to enter the code, but there is no option like "lost 2FA code?" or something like this:

example

I even tried putting the recovery key in place of 2FA code, I thought it would be valid since there is something like this:

Screenshot from 2023-07-09 15-55-04

the master keys work great! anyway, I clicked "forgot your password". the email is assertive; it says nothing other than to change the password. I thought I could reset my account or something, but I know that option wasn't made for that purpose

I tested it in the app and in other browsers, but nothing really showed up

where should I use this recovery key?

PS: I don't use the desktop version, so I have no opinion on it

regardless, it would be nice to have something more explicit

Dwynr commented 1 year ago

2FA recovery key can be used just like the normal TOTP (generated) 6 digit code.

Encryption master key should be used when resetting your (lost) password to prevent data deletion.