UI: Backup Codes Management #40
Assignees
Milestone
Comments
|
I don't think we need to verify backup codes like the WPCOM design does. It's not like TOTP, where the setup process is complex and we need to make sure it worked, because if we don't the user will be locked out of their account. Backup codes are much simpler. Verifying after they've been enabled also uses up a code, which might later confuse a user when it doesn't work. If a compelling reason presents itself, we can always add that later. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
After the setup process is done in #39 , we should add a way to regenerate the codes.
See #18 for mockups, may also need to look at WordPress.com for some of the interactions that aren't covered in the screenshots.
WordPress/two-factor#504 will need to be used locally until it's merged, so that we can use the REST API to interact with the upstream plugin.
This could potentially be done in two PRs, ala Thinking in React: one to stub out the UI, and then a second to add dynamic functionality.
The text was updated successfully, but these errors were encountered: