Suggestion: 2FA Backup Code[s]

By Tyler Loewen
August 21, 2017 in Feedback

Recommended Posts

Tyler Loewen

Posted August 21, 2017

- Share

Posted August 21, 2017

Being able to reset an account's 2FA via email allows for an exploit if a hacker is able to compromise the user's email address. If the user's email address is compromised, the hacker will be able to reset both the account's password and 2FA thus having the ability to access the account.

An available solution is to require contacting the administrator to reset the user's 2FA. But this requires an admin's time plus a hacker could still social engineer the admin.

Having 2FA backup codes would make the 2FA system less exploitable while not requiring an admin's time to reset the 2FA. I think this solution would be beneficial to Invision Power's commercial users and high traffic web sites.

Link to comment

Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

Recently Browsing 0 members
- No registered users viewing this page.

Upcoming Events

No upcoming events found
Trending Content
- 6
  
  Move to S3 messes up embedded gallery images in Pages
  
  By CheersnGears
  Started 2 hours ago
- 24
  
  spam posts
  
  By Ihia
  Started March 13
- 6
  
  Possible Issue After Recent Patch
  
  By sadams101
  Started Sunday at 08:20 PM

Forums
Blogs
All Activity
More
- Back
- Providers Directory
- Leaderboard
- Theme Diff
- Marketplace
- Clubs
- Events

Create New...

Invision Community 5: Assign topics to moderators

Invision Community 4: Pages databases in Clubs

Invision Community 5: Live Topic Improvements

Invision Community 5: New Live Community Features

Suggestion: 2FA Backup Code[s]

Recommended Posts

Tyler Loewen

Link to comment

Share on other sites

Archived

Recently Browsing 0 members

Upcoming Events

Trending Content

More