Feature Request: Cross check feature
Permalink Browser Info Environment
Hi Nour, awesome add-on.
I have a feed back from client.
I think reasonable request.
Whenever we try to enable MFA, the service will confirm if the number is valid before activating the MFA.
I have an idea.
You could add an extra text field to validate generated token code.
After showing QR code, you could add a text field and ask users to validate the code.
Unless the add-on confirms the code is valid, you won't be able to activate user's MFA.
The client is generally happy with the add-on.
But he concerns that some user may ended up not saving QR code, and they will ended up having problem.
I understand that you've mentioned work-around to rescue those lost account.
But I do understand that users will be worried.
They must log-out and log back in.
Then they finally test if token is valid.
I've quickly checked AWS and Slack, they only activate MFA after you confirm the code once.
Therefore, the cross-check feature will be awesome.
Anyway,
I'm generally very happy with the add-on, great instruction, and easy to understand.
Great job!
I have a feed back from client.
I think reasonable request.
Whenever we try to enable MFA, the service will confirm if the number is valid before activating the MFA.
I have an idea.
You could add an extra text field to validate generated token code.
After showing QR code, you could add a text field and ask users to validate the code.
Unless the add-on confirms the code is valid, you won't be able to activate user's MFA.
The client is generally happy with the add-on.
But he concerns that some user may ended up not saving QR code, and they will ended up having problem.
I understand that you've mentioned work-around to rescue those lost account.
But I do understand that users will be worried.
They must log-out and log back in.
Then they finally test if token is valid.
I've quickly checked AWS and Slack, they only activate MFA after you confirm the code once.
Therefore, the cross-check feature will be awesome.
Anyway,
I'm generally very happy with the add-on, great instruction, and easy to understand.
Great job!
Type: | Discussion |
---|---|
Status: | Resolved |
I never thought of checking that the user had at least one good code before activating the system for them. It's a pretty good idea. I'm going to see how I can add that.