Option to disable email-based 2FA

Xon · Sep 14, 2017

Email is an abomination of reliable notification method, and if an ISP randomly blacklists you (and then good luck de-listing) users are unable to use 2FA tokens and need to-do the recovery.

naia · Sep 14, 2017

I require my staff members (in policy) to use TOTP 2FA tokens. It would be nice if there was a way to disable email tokens entirely. While I view the option of email tokens as valid for some communities, I would like to require a higher level of security and reliability. I support this suggestion.

Liam W · Sep 14, 2017

The providers are available in the database, I'm surprised they weren't extended to the frontend to allow for customisation, including changing the display order.

Liam

Chris D · Sep 14, 2017

I assume you already know, but in lieu of the suggestion being implemented via a UI, you can just disable the provider by changing active to 0 for the email provider.

Xon · Sep 14, 2017

Chris D said:
I assume you already know, but in lieu of the suggestion being implemented via a UI, you can just disable the provider by changing active to 0 for the email provider.

The problem is I've got people already using it, so will need todo some juggling to get it disabled without surprising people that their 2FA has been disabled.

Option to disable email-based 2FA

Xon

Well-known member

naia

Well-known member

Liam W

in memoriam 1998-2020

Chris D

XenForo developer

Xon

Well-known member

Similar threads

We value your privacy