Skip to content

Add MFA form warnings and revise authenticator app list


  • On the TOTP form, add a warning for users to backup their TOTP codes and prompt users to use a second TOTP authenticator.
  • On the WebAuthn form, prompt users to have at least one TOTP on top of the WebAuthn (or a second WebAuthn device).
  • Emphasize in all MFA forms for new and existing users for new and additional authenticators/devices that is up to the user to backup their credentials and/or setup additional login methods to avoid being locked out.
  • Revise TOTP authenticator list by adding applications that support backup mechanisms and grouping them by platform.


Fixes #141 (closed)


New user with configure TOTP action: image

Existing user adding a TOTP authenticator via account settings: image

New user with WebAuth register action: image

Existing user adding a Webauthn device via account settings: image

Merge request reports