Identifying users #25
Provide a secure service by accurately identifying users. Includes guidance on:
We have updated our guidance on identifying users. Most of it is around authentication - https://home-office-digital-patterns.herokuapp.com/patterns/identifying-users
A few short observations about doing two factor authentication (I was writing this down for someone anyway so thought I might as well put it here).
By text message
Front-load the code in the text message
Call it a ‘security code’
This is friendlier than ‘2FA’ or ‘two factor’. I think Verify use this wording as well.
Question how long the code needs to be
6 digits seems to be standard for authenticator apps. 4 or 5 feels way easier to transpose from one place to another. Anecdotally people with dyslexia find long codes troublesome.
If using email for quasi-two-factor authentication, make it a tokenised link, not a code that people have to copy/paste.
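
A sketch of the tokenised email link mentioned in the last point, added here as an example and not taken from the comment above or from the Home Office pattern. The URL, the 15-minute lifetime, the single-use rule, the in-memory store and all function names are assumptions.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

BASE_URL = "https://service.example/sign-in/confirm"  # placeholder URL (assumption)
TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime, not a figure from the thread

# Constructed in-memory store: sha256(token) -> (user_id, expires_at).
# Only the hash is kept, so a leaked store does not yield usable links.
_pending = {}


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_link(user_id, now=None):
    """Create a single-use sign-in link to place in the email body."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (user_id, now + TOKEN_TTL_SECONDS)
    return BASE_URL + "?" + urlencode({"token": token})


def redeem_link(url, now=None):
    """Return the user_id if the link is valid and unused, otherwise None."""
    now = time.time() if now is None else now
    values = parse_qs(urlparse(url).query).get("token", [])
    if len(values) != 1:
        return None  # missing or repeated token parameter
    # pop() removes the entry on first use, so a replayed link fails
    entry = _pending.pop(_digest(values[0]), None)
    if entry is None:
        return None
    user_id, expires_at = entry
    if now > expires_at:
        return None  # expired; the entry has already been discarded
    return user_id
```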