Closed AmaniKrayemRCPCH closed 3 months ago
a way for users to complete 2FA if they don't have access to their phone would also be helpful
Long term I think we should additionally support passkeys: https://www.tomsguide.com/news/what-are-passkeys. iOS and Android synchronise them across your devices so you'd be able to log in with anything logged in to your Apple ID or Google account.
We would still need a way to reset the users 2fa manually. As part of this we should also do an additional factor check, eg a one time email link as we won't practically be able to verify the users identity when they request the reset.
This is now fixed but I will use @mbarton's suggestion to create a separate issue for the longer term road map
E.g. if a user loses their phone.
At the moment, I remove the phone authentication method as a superuser. It would be helpful if other RCPCH staff can do this.
Otherwise, a way for users to complete 2FA if they don't have access to their phone would also be helpful.