WordPress / wporg-two-factor

2FA for WordPress.org accounts

Backup code text/download should include context #293

Open tellyworth opened 1 month ago

tellyworth commented 1 month ago

Currently the backup codes, when copied to clipboard or downloaded as a text file, contain literally only the comma-separated codes.

It would be better to include a little context with that text. At a minimum, a simple header such as:

Two-Factor backup codes for your wordpress.org account:

This would make it easier for users to search their computer/phone for codes in a recovery situation.

We could also consider including additional context like the date and username. Including the username could increase the likelihood of a bad actor misusing a misplaced file; I'm not sure if that's a significant issue.

StevenDufresne commented 1 month ago

We can also include the name of .txt file in our documentation to help users find saved codes on their computer.

dd32 commented 4 weeks ago

The two-factor plugin has the following header for files: https://github.com/WordPress/two-factor/blob/e5d6b20ed901429faadbf015ce56ba6e55abe68e/providers/class-two-factor-backup-codes.php#L273-L281 Example:

Two-Factor Recovery Codes for https://site.example/

1. 0000000
2. 0000000
3. ...
dd32 commented 3 weeks ago

Suggestion:

Two-Factor Backup Codes for 'dd32' on WordPress.org.
These codes were generated on 2024-08-20.
Each code can only be used once.

1. 0000001
2. 0000002
3. ...
pkevan commented 3 weeks ago

Suggestion:

Two-Factor Backup Codes for 'dd32' on WordPress.org.
These codes were generated on 2024-08-20.
Each code can only be used once.

1. 0000001
2. 0000002
3. ...

This is perhaps too much information for backup codes, and that username shouldn't feature in the output?

dd32 commented 3 weeks ago

This is perhaps too much information for backup codes, and that username shouldn't feature in the output?

The addition of the username comes from the issue description; I feel that the user experience improvement is better than the alternative. If someone has their 2FA backup codes leaked they've likely got bigger problems?

We could also consider including additional context like the date and username. Including the username could increase the likelihood of a bad actor misusing a misplaced file; I'm not sure if that's a significant issue.
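As an added illustration, not code from wporg-two-factor or the two-factor plugin, the following Python renders the header layout dd32 proposed, with the username made optional to reflect pkevan's concern, and includes a parser showing that the extra context lines do not get in the way of pulling the codes back out in a recovery situation. The sample codes, date and function names are constructed for this example.

```python
import re
from datetime import date

# Constructed sample values; the real file is generated per account by the plugin.
SAMPLE_CODES = ["0000001", "0000002", "0000003"]
SAMPLE_DATE = date(2024, 8, 20)


def render_backup_codes(codes, generated_on, username=None, site="WordPress.org"):
    """Build the download/clipboard text: a short context header followed by a
    numbered list of codes. `username` is optional so the header can fall back to
    a generic wording if naming the account is judged too much information."""
    who = f"for '{username}' on {site}" if username else f"for your {site} account"
    lines = [
        f"Two-Factor Backup Codes {who}.",
        f"These codes were generated on {generated_on.isoformat()}.",
        "Each code can only be used once.",
        "",
    ]
    lines += [f"{i}. {code}" for i, code in enumerate(codes, start=1)]
    return "\n".join(lines) + "\n"


# A code line is "<n>. <code>"; the header lines never match this shape.
CODE_LINE = re.compile(r"^\s*\d+\.\s+(\S+)\s*$")


def extract_codes(text):
    """Recover the codes from a saved file, ignoring the header lines."""
    codes = []
    for line in text.splitlines():
        match = CODE_LINE.match(line)
        if match:
            codes.append(match.group(1))
    return codes


def sample_file(username=None):
    """Render the constructed sample with or without the username in the header."""
    return render_backup_codes(SAMPLE_CODES, SAMPLE_DATE, username=username)


if __name__ == "__main__":
    print(sample_file(username="dd32"))
    print(extract_codes(sample_file()))
```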