Page MenuHomePhabricator
Create Task
Maniphest T7309

Give scratch tokens when enabling two-factor authentication
Closed, DuplicatePublic
Actions

Description

Sometimes users accidentally delete the TOTP app, or even lose their phone. To make the recovery process easier, I suggest giving a set of one-time scratch tokens (Sounds scratchy? How about "backup tokens"?) during the set-up process of two-factor authentication. Users will be able to use the scratch tokens to log in should the lose their token generator.

Background: https://phabricator.wikimedia.org/T85706

Related Objects

Event Timeline

zhaofengli created this task.Feb 18 2015, 1:08 AM
zhaofengli raised the priority of this task from to Needs Triage.
zhaofengli updated the task description. (Show Details)
zhaofengli added a subscriber: zhaofengli.
Herald added a subscriber: qgil. · View Herald TranscriptFeb 18 2015, 1:08 AM
zhaofengli added a project: Auth.Feb 18 2015, 1:14 AM
chasemp added a subscriber: chasemp.Feb 18 2015, 1:46 AM

IIRC the google authenticator app itself gave me one-time use codes when I first set it up. What client side app are you using?

zhaofengli added a comment.Feb 18 2015, 1:52 AM

It's a Google-specific routine in the app (and only works when you set up your Google account with it), not a part of the TOTP standard. Servers implement scratch codes in their own ways.

epriestley closed this task as a duplicate of T6549: Backup codes for multi-factor authentication.Feb 18 2015, 4:30 AM
epriestley mentioned this in T6549: Backup codes for multi-factor authentication.Feb 18 2015, 4:43 AM
Phabricator · Built by Phacility