allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Brondsema" <>
Subject [allura:tickets] #8117 Implement core 2FA
Date Fri, 19 Aug 2016 19:55:28 GMT
Some nuances to consider:

Bitbucket requires 2FA resubmission to view/update settings, not just password reconfirmation.

Reconfiguration vs (re)adding a phone with the same key as before.

* GitHub says "You’re about to change your two-factor authentication device. This will invalidate
your current two-factor devices. This will not affect your recovery codes or fallback SMS
configuration. Those can be updated on the two-factor settings page."
* Bitbucket only lets you disable, then re-enable
* Dreamhost has separate options to view your key, vs regenerate.  I like this.

Many sites will show you the text form of the key, so you can enter it manually.  Not sure
if this is really needed for anyone?  Phones/apps without camera support?


** [tickets:#8117] Implement core 2FA**

**Status:** in-progress
**Milestone:** unreleased
**Labels:** security 
**Created:** Mon Aug 15, 2016 03:54 PM UTC by Dave Brondsema
**Last Updated:** Mon Aug 15, 2016 03:54 PM UTC
**Owner:** Dave Brondsema

This ticket is for the essential functionality for TOTP 2FA, separate tickets for other aspects

Some details at


Sent from because is subscribed to

To unsubscribe from further messages, a project admin can change settings at
 Or, if this is a mailing list, you can unsubscribe from the mailing list.
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message