
Give scratch tokens when enabling two-factor authentication
Closed, Duplicate | Public

Description

Sometimes users accidentally delete the TOTP app, or even lose their phone. To make the recovery process easier, I suggest giving a set of one-time scratch tokens (Sounds scratchy? How about "backup tokens"?) during the set-up process of two-factor authentication. Users will be able to use the scratch tokens to log in should they lose their token generator.

Background: https://phabricator.wikimedia.org/T85706

Event Timeline

zhaofengli raised the priority of this task from to Needs Triage.
zhaofengli updated the task description.
zhaofengli added a subscriber: zhaofengli.

IIRC the Google Authenticator app itself gave me one-time use codes when I first set it up. What client-side app are you using?

It's a Google-specific routine in the app (and only works when you set up your Google account with it), not a part of the TOTP standard. Servers implement scratch codes in their own ways.
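Since scratch codes sit outside the TOTP standard and are left to the server, here is one way a server could issue and redeem them. This is an added example, not Phabricator's code or part of the thread above; `BackupCodeStore`, the alphabet, the code length and the code count are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # assumption: no 0/o/1/l/i lookalikes
CODE_LEN = 10     # assumption: 10 symbols from 31, roughly 49 bits per code
CODE_COUNT = 10   # assumption: codes issued per enrollment


def _digest(code: str) -> str:
    # Normalize what the user typed, then hash. The codes are random and
    # high-entropy, so an unsalted SHA-256 is enough to keep them out of the
    # database in clear text.
    norm = code.replace("-", "").replace(" ", "").lower()
    return hashlib.sha256(norm.encode()).hexdigest()


class BackupCodeStore:
    """Hypothetical in-memory store; a real server would use a DB table."""

    def __init__(self):
        self._hashes = {}  # user -> set of digests of unused codes

    def enroll(self, user: str) -> list[str]:
        """Issue a fresh set at 2FA setup; any earlier set is invalidated."""
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
                 for _ in range(CODE_COUNT)]
        self._hashes[user] = {_digest(c) for c in codes}
        # Shown to the user once, grouped for readability; only hashes are kept.
        return [f"{c[:5]}-{c[5:]}" for c in codes]

    def redeem(self, user: str, submitted: str) -> bool:
        """Accept a code at most once, comparing digests in constant time."""
        want = _digest(submitted)
        match = None
        for stored in self._hashes.get(user, ()):
            if hmac.compare_digest(stored, want):
                match = stored
        if match is None:
            return False
        self._hashes[user].discard(match)  # burn it: one-time use
        return True

    def remaining(self, user: str) -> int:
        return len(self._hashes.get(user, ()))
```

Attempts against `redeem` should go through the same rate limiting as TOTP attempts, and `remaining` lets the server prompt the user to regenerate codes before they run out.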