Closed jb510 closed 8 years ago
That's a good idea to display who has 2FA enabled directly in the users list. I'll definitely add that.
Regarding the "locked out" situation, I agree it's not ideal. Forcing users to set it up (like really forcing them, not letting them do anything else until they did the setup) would be the best way to go but I'm not sure how exactly to present that. That's definitely something that needs improvement thought.
The icon is a good idea
+1
We just enabled 2FA on a clients site. There are 10 administrator role users in addition to the client. He's set things to require 2FA for all administrators.
Only 3-4 got their 2FA setup before forcing use.
It'd be good to see which users have 2FA setup without having to click through to each user. Perhaps adding a column to /wp-admin/users.php with a icon or something to indicate they've setup 2FA?
Also, I didn't see documentation on this, but in our scenario I'm assuming those users without 2FA setup now can't login, correct? I think they should be allowed to login and then forced to setup 2FA upon login, but I don't think it works that way currently. Either way, it'd be userful to update the FAQ to explain thing for that scenario. (a few admins have 2FA setup, 2FA is forced, what happens with other admins)