julien731
commented
7 years ago That would make sense. If an admin forces users to use 2-fa (s)he probably doesn't mind having an annoying prompt that, indeed, forces users to enable it.
Open orenwolf opened 7 years ago
julien731
commented
7 years ago That would make sense. If an admin forces users to use 2-fa (s)he probably doesn't mind having an annoying prompt that, indeed, forces users to enable it.
Right now, if a user ignores the 2FA requirement until the login timeout is reached, they are locked out entirely and unable to log in.
Instead, if they log in successfully, they should instead be told that they MUST generate a code to log-in. This would probably require some sort of check that forces them to a generation page on every action, to make sure they didn't "deep-link" to somewhere in the admin interface to get around the login check (as they'd technically be logged-in correctly).