wbbaddons / Tims-2Factor-Auth

Allows users to protect their account by requiring a unique code at login.
http://tims.bastelstu.be
BSD 3-Clause "New" or "Revised" License

Add backup code functionality #12

Open RouL opened 10 years ago

RouL commented 10 years ago

You should add backup codes like in Google's 2-factor authentication. Backup codes are fixed one-time codes (if I remember, they're longer than the generated codes), so-called scratch codes (use one, scratch it). The user should be able to regenerate them (not without using the password, of course) for security reasons (lost codes?). Usually you print them out and put them into your wallet, for example.

TimWolla commented 10 years ago

That’s already implemented. The user is shown an emergency code after activating two-factor authentication. After using one of these, two-factor authentication will be disabled, and the user will get a new one after re-enabling it.

From: Markus Zhang Sent: Tuesday, 24 September 2013 07:15 To: wbbaddons/Tims-2Factor-Auth


RouL commented 10 years ago

I must confess, I prefer Google's solution. You could still use one of your scratch codes and not deactivate the whole 2-factor authentication. For example, if you forgot your smartphone at home, but you have your codes in your wallet.

My1 commented 7 years ago

I fully agree with @RouL here. While the emergency recovery code is still a good idea, one-time codes would be nice.
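
The scratch-code behaviour requested in this thread, sketched as an added example: it is not part of the discussion and not code from the Tims-2Factor-Auth add-on. The `Account` class, the code length, the batch size and the PBKDF2 parameters are assumptions made for illustration. Each code works once, redeeming one leaves two-factor authentication enabled, and regenerating the batch requires the password.

```python
import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O or 1/I: easier to read from paper
CODE_LEN = 10    # assumed; longer than a 6-digit generated code
CODE_COUNT = 10  # assumed batch size


def _digest(code):
    # Codes are random and high-entropy, so an unsalted hash is enough at rest;
    # only digests are stored, never the printable codes.
    normalized = code.replace("-", "").replace(" ", "").upper()
    return hashlib.sha256(normalized.encode()).hexdigest()


class Account:  # hypothetical stand-in for a user record
    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash_password(password)
        self.two_factor_enabled = True
        self._scratch = set()  # digests of codes that are still unused

    def _hash_password(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def regenerate_scratch_codes(self, password):
        """Invalidate the old batch and return a new one; shown to the user once."""
        if not hmac.compare_digest(self._hash_password(password), self._pw_hash):
            raise PermissionError("password required to regenerate scratch codes")
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
                 for _ in range(CODE_COUNT)]
        self._scratch = {_digest(c) for c in codes}
        return codes

    def redeem_scratch_code(self, code):
        """Accept a code at most once; two-factor authentication stays enabled."""
        candidate = _digest(code)
        match = next((s for s in self._scratch
                      if hmac.compare_digest(s, candidate)), None)
        if match is None:
            return False
        self._scratch.discard(match)  # "scratch it": the code can never be replayed
        return True
```
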