WordPress / two-factor

Two-Factor Authentication for WordPress.
https://wordpress.org/plugins/two-factor/
GNU General Public License v2.0
727 stars 153 forks

Encourage setting up a recovery factor #485

Open iandunn opened 2 years ago

iandunn commented 2 years ago

Ideally users should set up two factors, one as a primary and one as a backup, e.g., WebAuthn as the primary and TOTP as the backup; or TOTP as the primary and Backup Codes as the backup.

Otherwise, they could get locked out of their account. On smaller sites an admin could reset them, but that's not practical on larger sites, or sites where the admin doesn't personally know the user.

Rough idea:

[Image: Screen Shot 2022-10-20 at 9 39 20 AM]

kasparsd commented 1 month ago

I really think this is a major step in ensuring that users configure their two-factors in a way that reduces their risk of being locked out of accounts. I'll work on a quick prototype for this.