View Issue Details

ID: 0005121
Project: SOGo
Category: Web Preferences
View Status: public
Last Update: 2020-08-10 14:10
Reporter: MAGIC
Assigned To:
Priority: normal
Severity: feature
Reproducibility: N/A
Status: new
Resolution: open
Platform: Linux
OS: Debian
OS Version: 10
Product Version: nightly master
Summary: 0005121: No backup codes/entering 2FA-code for enabling two factor auth
Description

Hello,

Since https://sogo.nu/bugs/view.php?id=5090 we have 2FA now. But I have two concerns:
1.) After enabling 2FA I miss backup codes, so we can't log in to SOGo if we can't access our e.g. mobile phone due to e.g. erasure of data.
2.) There's no check like 'Hey, did the user save the 2FA code inside of his phone before clicking on save after you enabled the 2FA checkbox?' This would be useful and you could remove the following text: 'You must enter this key into your Google Authenticator application. If you do not and you log out you will not be able to login again.'

Tags: No tags attached.

Relationships

related to 0005122 new Two factor auth can be disabled without asking for password 

Activities

dragoangel

2020-08-07 18:39

reporter   ~0014648

Agree - before allowing the setting that enables 2FA to be saved, there must be a prompt for:

  1. TOTP - to validate that the user has correctly saved his key
  2. at the developers' discretion - password

Christian Mack

2020-08-10 14:08

developer   ~0014656

That is an additional feature request.

But yes it is advisable to check the second factor before saving that setting.
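
The flow requested in this issue, as an added Python sketch that is not SOGo's code: the 2FA setting is saved only after a valid TOTP code proves the key reached the authenticator, and single-use backup codes are issued and stored as hashes. The `prefs` dict, the function names and the backup-code format are assumptions made for the illustration.

```python
import base64, hashlib, hmac, secrets, struct

# Constructed sample key: the RFC 6238 test secret "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, code, at, step=30, window=1):
    """Accept the current time step plus/minus `window` steps of clock drift."""
    return any(
        hmac.compare_digest(totp(secret_b32, at + i * step, step).encode(), code.encode())
        for i in range(-window, window + 1)
    )

def enable_2fa(prefs, secret_b32, code, now, n_backup=8):
    """Save the 2FA setting only if `code` proves the key was stored.

    `prefs` is a hypothetical per-user settings dict, not SOGo's schema.
    Returns the backup codes (to be shown once) or None if the code is wrong.
    """
    if not verify_totp(secret_b32, code, now):
        return None  # nothing is persisted, so the user cannot lock themselves out
    backup = [secrets.token_hex(5) for _ in range(n_backup)]
    prefs["totp_secret"] = secret_b32
    prefs["totp_enabled"] = True
    # Only hashes are kept server-side; the plain codes are never stored.
    prefs["backup_hashes"] = {hashlib.sha256(c.encode()).hexdigest() for c in backup}
    return backup

def redeem_backup_code(prefs, code):
    """Backup codes are single-use: a matching hash is removed once consumed."""
    digest = hashlib.sha256(code.encode()).hexdigest()
    if digest in prefs.get("backup_hashes", set()):
        prefs["backup_hashes"].discard(digest)
        return True
    return False
```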

Issue History

Date Modified | Username | Field | Change
2020-08-07 18:04 | MAGIC | New Issue |
2020-08-07 18:39 | dragoangel | Note Added: 0014648 |
2020-08-10 14:08 | Christian Mack | Severity | tweak => feature
2020-08-10 14:08 | Christian Mack | Note Added: 0014656 |
2020-08-10 14:10 | Christian Mack | Relationship added | related to 0005122