2FA backup required by default

[knightslugger]

There really ought to be a 2FA backup requirement when 2FA is enabled for the forum. I know the codes are available, but since zeroing out my phone, I lost my 2FA codes and thank GOD one device was still authenticated to log in and recover it. It would have been so much less aggravating to have the option to have a code emailed to me in leu of waiting until today to get it back up and running. Considering just about every 2FA login i have has that requirement, I find it baffling it is not one here.

 

Just a suggestion.

[colonel_mortis]

There is a warning message telling you that you should turn it on, but because you would have to choose between printed codes and email backup it's not something that should just be on by default IMO (just enabling printed codes is useless because most people wouldn't print them).

I will look into some improvements to make the default flow be to enable a backup method, but it's not something that I can change until the next update in a few months time.

[vanished]

It's important also to consider what backup method should be used.  Obviously you don't want one that's less secure than the main one or it defeats the purpose (see SMS messages).

[knightslugger]

16 minutes ago, Ryan_Vickers said:

It's important also to consider what backup method should be used.  Obviously you don't want one that's less secure than the main one or it defeats the purpose (see SMS messages).

Good point. A simple security question set up in advance (Randomly selected pool of say, 3?)  with a one time emailed password would probably suffice.

 

You get the code, log in again, input the code, answer the question, and that's that.