Thursday, December 27, 2018
Ask HN: What is a secure way to allow 2FA resets?
Ask HN: What is a secure way to allow 2FA resets?
I have 2FA on one of my web apps. Most users are using Google Authenticator which uses TOTP (Time-Based One-Time Password). On first login, we show them a QR code. We instruct them to save a copy of this QR code in the event they get a new phone or want to install a new 2FA app. However, I am running into a situation where users are not doing this. I can easily enough reset their account to show a QR code again on next login, but my question is: What is the safest way to "authenticate" them for a reset? I could do things like send a reset email to the email associated with the account, but I am just wondering what others are doing for situations like this. I want to make sure I am doing it as securely as possible. Thanks!
more
I have 2FA on one of my web apps. Most users are using Google Authenticator which uses TOTP (Time-Based One-Time Password). On first login, we show them a QR code. We instruct them to save a copy of this QR code in the event they get a new phone or want to install a new 2FA app. However, I am running into a situation where users are not doing this. I can easily enough reset their account to show a QR code again on next login, but my question is: What is the safest way to "authenticate" them for a reset? I could do things like send a reset email to the email associated with the account, but I am just wondering what others are doing for situations like this. I want to make sure I am doing it as securely as possible. Thanks!
more
0 Comments:
Make Money
Recent Posts
British Doctors May Soon Prescribe Art, Music, Dan...
The Now Habit (2015)
People are texting their exes and buying stuff in ...
Japan whale hunting: Commercial whaling to restart...
Fast and accurate object detection in high resolut...
A visual introduction to probability and statistics
What it’s like to watch an IBM AI successfully deb...
What Kagglers Are Using for Text Classification
Finite of sense and infinite of thought [video]
Ask HN: What should I do when I'm bored with my ca...
The Now Habit (2015)
People are texting their exes and buying stuff in ...
Japan whale hunting: Commercial whaling to restart...
Fast and accurate object detection in high resolut...
A visual introduction to probability and statistics
What it’s like to watch an IBM AI successfully deb...
What Kagglers Are Using for Text Classification
Finite of sense and infinite of thought [video]
Ask HN: What should I do when I'm bored with my ca...
Archive
January 2006April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
February 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
April 2008
May 2008
July 2008
August 2008
September 2008
October 2008
November 2008
January 2009
May 2009
June 2009
July 2009
August 2009
September 2009
December 2009
March 2010
June 2010
July 2010
September 2010
October 2010
November 2010
January 2011
March 2011
February 2013
April 2013
September 2013
December 2013
August 2014
September 2014
October 2014
November 2014
January 2015
January 2016
September 2018
October 2018
November 2018
December 2018
January 2019
February 2019
March 2019
April 2019
May 2019
June 2019
July 2019
August 2019
September 2019
October 2019
November 2019
December 2019
January 2020
February 2020
March 2020
April 2020
May 2020
June 2020
July 2020
SEO Stats