Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Two-factor: should it fail if configured but dependencies missing? #13832
This is another corner case but I think we should address it.
I've configured a user with two-factor authentication but then removed the dependencies, so phpMyAdmin can't use two-factor authentication to authenticate the user. When I go to log in as that user, I'm not prompted in any way and I'm able to log in through the usual method with only a password.
I propose that in this case; when a user has two-factor authentication enabled but it's not available through phpMyAdmin, we should still deny login.