You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a feature request and not a bug report. Otherwise, please create a new bug report instead.
Please check to see if this request (or a similar one) already exists.
It's a single feature. Please don't request multiple features in one issue.
Describe the feature you'd like
Right now when you enable 2fa, it gives you a '2FA installation link'. I personally don't have a way to easily use that link. Most TOTP 2FA things i've used generate a QR code for you to scan to save somewhere.
Requsting that the UI generate a QR code for scanning by apps like Google Authenticator, Authy, etc. to generate 2FA pins.
The text was updated successfully, but these errors were encountered:
I also had this problem. My browser does not handle otpauth:// links.
Another problem is that the 2FA setup process does not verify at any point that the user has correctly received the credential by doing what every other website does and request that the user type in a 2FA code immediately to complete the setup process.
I anticipate many users locking themselves out of their account while trying to manually type the code from that URL into their TOTP app, then logging out to test that it works - (it won't).
I also anticipate users using whatever shady website is returned by google to paste their OTP code into it to generate a QR code to scan, thereby leaking their 2FA credential to whoever operates said shady website.
The current implementation of this feature is worse for security than not having it.
Requirements
Describe the feature you'd like
Right now when you enable 2fa, it gives you a '2FA installation link'. I personally don't have a way to easily use that link. Most TOTP 2FA things i've used generate a QR code for you to scan to save somewhere.
Requsting that the UI generate a QR code for scanning by apps like Google Authenticator, Authy, etc. to generate 2FA pins.
The text was updated successfully, but these errors were encountered: