0005121: No backup codes/entering 2FA-code for enabling two factor auth - SOGo

ID	Project	Category	View Status	Date Submitted	Last Update

0005121	SOGo	Web Preferences	public	2020-08-07 18:04	2020-08-10 14:10

Reporter	MAGIC	Assigned To
Priority	normal	Severity	feature	Reproducibility	N/A
Status	new	Resolution	open
Platform	Linux	OS	Debian	OS Version	10
Product Version	nightly master

Summary	0005121: No backup codes/entering 2FA-code for enabling two factor auth
Description	Hello, Since https://sogo.nu/bugs/view.php?id=5090 we have 2FA now. But I have two concerns: 1.) After enabling 2FA I miss backupcodes so we can't login to SOGo if we can't access our e.g. mobile phone due to e.g. erasure of data. 2.) There's no check like 'Hey did the user save the 2FA code inside of his phone before clicking on save after you enabled the 2FA checkbox?' This would be useful and you could remove following text 'You must enter this key into your Google Authenticator application. If you do not and you log out you will not be able to login again.'
Tags	No tags attached.

dragoangel 2020-08-07 18:39 reporter ~0014648	Agree - before allow save setting which enables - there must be prompt for: TOTP - to validate that user has corretly saved his key under desire of developers - password

Christian Mack 2020-08-10 14:08 developer ~0014656	That is an additional feature request. But yes it is advisable to check the second factor before saving that setting.

Date Modified	Username	Field	Change
2020-08-07 18:04	MAGIC	New Issue
2020-08-07 18:39	dragoangel	Note Added: 0014648
2020-08-10 14:08	Christian Mack	Severity	tweak => feature
2020-08-10 14:08	Christian Mack	Note Added: 0014656
2020-08-10 14:10	Christian Mack	Relationship added	related to 0005122