Login New User
  •  
     
    story #14024 be able to recover my account when I have lost my TOTP device
Summary
user
be able to recover my account when I have lost my TOTP device
I can recover access to my account when I have lost my TOTP device.
When the user enroll itself, the possibility is given to download 10 recovery codes.

* A recovery code can be used instead of a TOTP code during the login process
* Each recovery code can be used only once
* There is a view in the account preferences to see how many recovery codes can still be used
* The recovery codes are stored in a way that make impossible to retrieve them (see the mechanism used for the personal access keys)
* The user can ask to generate new recovery codes








Open question: what to do when a user uses the last valid recovery code?
Empty
Empty
Status
To be done
Development
Empty
Empty
Details
#14024
Thomas Gerbet (tgerbet)
2019-10-18 17:54
2019-10-15 11:52
14645

References

List of items referenced by or referencing this item.

Artifact Tracker v5