Lack of interest Force user to remember reserve auth codes or allow to change method of 2FA

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
G

grisha2217

Active member
Hi guys. I'm owner of huge forum with 500k registered members. I enabled 2fa for all members, who has more 10 likes. Everyday members write me, that they reseted your smartphone or lost it, ask me to disable 2fa for theim and i do it. They don't save reserve auth codes, of course.

My suggestion:
Print reserve codes on page and show "i saved this codes in text document" button after 2fa enabling.

2nd suggestion (optionally, can be disabled in admincp):
If user does not have access to smartphone app, he can pass 2FA throught email code receiving.
 
Upvote 0
This suggestion has been closed. Votes are no longer accepted.
grisha2217 said:
If user does not have access to smartphone app, he can pass 2FA throught email code receiving.
Click to expand...

They can already do this if they setup both GAuth and email validation. If you force enable email validation on all users having GAuth means essentially nothing since it can be bypassed
 

Similar threads

R
  • Suggestion Suggestion
Lack of interest Disallow/Disable/Force specific kinds of two factor authentication
Replies
0
Views
1K
rugk
R
Top Bottom