Skip to content

Backup codes shouldn't be sufficient to enable MFA #27

Description

@justinmayer

Backup codes by themselves are not a good option for multi-factor authentication, and yet at present it is too easy for users to generate backup codes and, in the process, enable backup-code-only MFA.

I can think of two changes that would help mitigate this:

  1. Change the default templates such that backup code generation links are not displayed until either U2F or TOTP is enabled.

  2. Remove backup codes from the requires_two_factor function.

While (1) above may be sufficient to avoid the problem in most cases, I'm having a difficult time understanding why someone would want backup-code-only MFA, which is why I proposed (2) as well. That said, perhaps I'm missing something — if so, please enlighten me. ☺️

@gavinwahl: What do you think?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions