Open RouL opened 10 years ago
That’s already implemented. The user is shown an emergency code after activating two-factor authentication. After using one of these, two-factor authentication will be disabled, and the user will get a new one after re-enabling it.
From: Markus Zhang Sent: Tuesday, 24 September 2013 07:15 To: wbbaddons/Tims-2Factor-Auth
You should add backup codes like in Google's 2factor authentication. Backup codes are fixed one-time codes (if I remember, they're longer than the generated codes), so-called scratch codes (use one, scratch it). The user should be able to regenerate them (not without using the password, of course) for security reasons (lost codes?). Usually you print them out and put them into your wallet, for example.
I must confess, I prefer Google's solution. You could still use one of your scratch codes and not deactivate the whole 2factor authentication. For example, if you forgot your smartphone at home but have your codes in your wallet.
I fully agree with @RouL here. While the emergency recovery code is still a good idea, one-time codes would be nice.
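The scratch-code scheme proposed in this thread, as an added illustration that is not part of the Tims-2Factor-Auth addon: a batch of random one-time codes is generated, shown to the user exactly once, stored only as salted hashes, and each code is removed the moment it is redeemed. Regeneration is gated on the account password, as the proposal requires. The class name, the password KDF parameters and the sample password are all assumptions made for this demo.

```python
import hashlib
import hmac
import secrets

# Demo only; not the addon's code. Names and parameters are assumptions.
CODE_BYTES = 5        # 10 hex characters: longer than a 6-digit TOTP value
CODE_COUNT = 10       # one sheet of codes, as on Google's printed backup list


def _hash_code(code: str, salt: bytes) -> str:
    # Codes carry 40 bits of CSPRNG entropy, so a salted SHA-256 is adequate
    # for storage; the account password below uses a slow KDF instead.
    return hashlib.sha256(salt + code.encode("ascii")).hexdigest()


class BackupCodes:
    """Per-user scratch-code store: hashes only, each code redeemable once."""

    def __init__(self, password_hash: bytes, password_salt: bytes):
        self._pw_hash = password_hash
        self._pw_salt = password_salt
        self._salt = b""
        self._hashes = set()

    @staticmethod
    def hash_password(password: str, salt: bytes) -> bytes:
        # Assumed password KDF for the demo; a real site would use its own.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def _check_password(self, password: str) -> bool:
        candidate = self.hash_password(password, self._pw_salt)
        return hmac.compare_digest(candidate, self._pw_hash)

    def regenerate(self, password: str) -> list:
        # Regeneration needs the password, so a hijacked session alone
        # cannot mint a fresh sheet of codes. Old codes are invalidated.
        if not self._check_password(password):
            raise PermissionError("password required to regenerate backup codes")
        codes = [secrets.token_hex(CODE_BYTES) for _ in range(CODE_COUNT)]
        self._salt = secrets.token_bytes(16)
        self._hashes = {_hash_code(c, self._salt) for c in codes}
        return codes  # shown to the user once; plaintext is never persisted

    def redeem(self, code: str) -> bool:
        # Normalise typed input, compare in constant time against each stored
        # hash, and scratch (remove) the code on success so it cannot be reused.
        candidate = _hash_code(code.strip().lower(), self._salt)
        matched = None
        for stored in self._hashes:
            if hmac.compare_digest(stored, candidate):
                matched = stored
        if matched is None:
            return False
        self._hashes.discard(matched)
        return True

    def remaining(self) -> int:
        return len(self._hashes)


def make_store(password: str) -> BackupCodes:
    # Constructed user record for the demo.
    salt = secrets.token_bytes(16)
    return BackupCodes(BackupCodes.hash_password(password, salt), salt)


def demo():
    store = make_store("correct horse")          # constructed sample password
    codes = store.regenerate("correct horse")
    first = store.redeem(codes[0])               # True: code accepted
    second = store.redeem(codes[0])              # False: already scratched
    try:
        store.regenerate("wrong password")
        rejected = False
    except PermissionError:
        rejected = True                          # regeneration gated on password
    return first, second, store.remaining(), rejected


if __name__ == "__main__":
    print(demo())
```

The user keeps the plaintext sheet (wallet, printout); the server keeps only hashes, so a database leak does not hand out working codes, and a used code is gone from the set rather than merely flagged, which keeps the single-use property even under concurrent requests.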