Users with too many TOTP attempts, should have their TOTP key removed instead of suspending them

SURFscz / SBS

Samenwerking Beheer Systeem ↣ Collaboration Management System

Apache License 2.0

3 stars 2 forks source link

Users with too many TOTP attempts, should have their TOTP key removed instead of suspending them #1402

Open baszoetekouw opened 1 month ago

baszoetekouw commented 1 month ago

So, users should end up in the same state as if they have forgotten their TOTP key and need an admin to reset it. They should not be allowed to enter a new TOTP key without going through the reset procedure.
They should not be suspended.