Skip to content

Add MFA form warnings and revise authenticator app list

Ira ¯\_(ツ)_/¯ requested to merge lambdaclan/infrastructure:mfa-form-warnings into master

Description

  • On the TOTP form, add a warning for users to backup their TOTP codes and prompt users to use a second TOTP authenticator.
  • On the WebAuthn form, prompt users to have at least one TOTP on top of the WebAuthn (or a second WebAuthn device).
  • Emphasize in all MFA forms for new and existing users for new and additional authenticators/devices that is up to the user to backup their credentials and/or setup additional login methods to avoid being locked out.
  • Revise TOTP authenticator list by adding applications that support backup mechanisms and grouping them by platform.

Tickets

Fixes #141 (closed)

Samples

New user with configure TOTP action: image

Existing user adding a TOTP authenticator via account settings: image

New user with WebAuth register action: image

Existing user adding a Webauthn device via account settings: image

Merge request reports