Plugin Directory: Release Confirmation: Require 2FA instead of email verification

WordPress / wordpress.org

WordPress.org Meta, Git-ified. Synced from git://meta.git.wordpress.org/ This repository is just a mirror of the WordPress Meta subversion repository. Please include a link to a pre-existing ticket on https://meta.trac.wordpress.org/ with every pull request.

https://meta.trac.wordpress.org/

109 stars 140 forks source link

Plugin Directory: Release Confirmation: Require 2FA instead of email verification #344

Open dd32 opened 2 months ago

dd32 commented 2 months ago

When a user has 2FA setup, we should rely upon that instead of email.

This is more secure, and for those who are using Keys, likely more streamlined.

This is a work in progress, and requires a few more steps.

See https://meta.trac.wordpress.org/ticket/7704

This is reliant upon https://github.com/WordPress/wporg-two-factor/pull/283

dd32 commented 1 month ago

Rather than having a prompt to 2FA, this would be better implemented if the buttons were just shown as clickable, but upon click the JS handler for revalidation prompted it at that point.