Make UX friendlier for changing and viewing current 2FA methods

[taivlam]

What problem are you facing?

After getting the Pro plan, the default for 2FA on my account was still e-mail and my secondary 2FA method was TOTP app (Aegis and Ente Auth).

I had both e-mail set up (which is always required) and the TOTP app set up before activating the Pro plan.

Afterwards, for 2FA, my default method was still e-mail and the TOTP app was secondary. (To be clear, I can't remember if on the free plan that e-mail will always be default and TOTP apps will be secondary.)

What's the solution you'd like to see in Notesnook?

• Even if e-mail as a 2FA method is always required for a Notesnook account, I believe it would be better for TOTP to be automatically set as the default 2FA method over e-mail, as soon as TOTP is activated.
  • Please do this, if TOTP apps for 2FA is already available for users on the Free plan.
• The UI in the account settings should also indicate what is the current secondary 2FA method for the account.

What alternatives have you considered?

See below.

Current UX state of designating TOTP app as default and e-mail for secondary 2FA

I went through the menu of changing the primary 2FA method to TOTP app. In the settings ("Settings" > "User account" > "Authentication"), "Primary method" visually shows the default 2FA method, but there is no place in the UI that indicates what is the current secondary 2FA method.

When I changed the primary 2FA method from e-mail to TOTP app, the UX appears as if I have to reconfigure the TOTP secret seed code. However, upon closer inspection, the regenerated TOTP code now (with the Pro plan) is identical to back when I had the free plan. So, at least I didn't have to change my TOTP entry for Notesnook in Aegis and Ente Auth.

However, this operation resets the TOTP recovery codes (so, if you're trying to perform what I did, then make sure to update the old set of recovery codes with this latest set). Other than that, everything proceeds normally.

Setting the secondary 2FA method to e-mail (which I personally trust more than SMS) is more straightforward, though this still requires me to enter the 6-digit code sent in via e-mail (but at least my Notesnook account still remembers what my e-mail address is and has it prefilled.)

Additional context

Screenshot:

(The default 2FA method has already been changed to TOTP app, though this still shows that there's no place in the UI to tell Notesnook users what is their current backup 2FA method is.)

[Leviob]

The UI might be more intuitive if the button text said the currently used method:

Primary Method App Fallback Method Email (or None)