[wp-meta] [Making WordPress.org] #6825: 2FA: Backup codes activating themselves without 2FA enabled
Making WordPress.org
noreply at wordpress.org
Thu Mar 2 13:15:22 UTC 2023
#6825: 2FA: Backup codes activating themselves without 2FA enabled
------------------------------------+--------------------
Reporter: TobiasBg | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone:
Component: Login & Authentication | Keywords:
------------------------------------+--------------------
In reference to
https://wordpress.slack.com/archives/C02RQC6RW/p1677760569950479 :
It appears that the new 2FA feature on wp.org auto-activates that backup
codes are required just when visiting the "Backup codes" screen (I'm
pretty sure that I never activated the "I have saved the backup codes"
checkbox nor clicked the Activate button on the backup codes screen).
This happened even without 2FA enabled. Activating/storing backup codes
only really makes sense if 2FA is enabled, in my opinion.
The opening of the backup codes screen should therefore be part of the
workflow of activating 2FA. And, when accessing it before 2FA is enabled,
it should redirect to the 2FA setup screen.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/6825>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list