Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reauth 2nd factor to change 2FA settings #484

Closed
iandunn opened this issue Oct 19, 2022 · 1 comment · Fixed by #529
Closed

Reauth 2nd factor to change 2FA settings #484

iandunn opened this issue Oct 19, 2022 · 1 comment · Fixed by #529
Assignees
@dd32
Labels
Enhancement
Milestone
0.9.0

Comments

@iandunn
Copy link
Member

iandunn commented Oct 19, 2022

Most sites w/ strong 2FA require re-authorizing the 2nd factor in order to make any changes to 2FA settings. Without that, certain types of attacks could disable 2FA, add unauthorized keys, etc.

For convenience, there could be a ~5 minute time window when re-auth isn't required, similar to sudo in Unix-based systems.

Related #476
@iandunn iandunn mentioned this issue Oct 19, 2022
Closed
@jeffpaul jeffpaul added this to the Future Release milestone Oct 19, 2022
@dd32
Copy link
Member

dd32 commented Nov 3, 2022

In order to facilitate this, having a cookie set that contains the last-time that 2FA was processed would be beneficial.

The redirect code in #490 may also be beneficial here, as with some validation of said cookie, could require re-auth to continue.

This was referenced Nov 3, 2022
Open
Open
Closed
This was referenced Jan 23, 2023
Closed
Closed
This was referenced Feb 20, 2023
Merged
Merged
Merged
@jeffpaul jeffpaul modified the milestones: Future Release, 0.9.0 May 8, 2023
@dd32 dd32 closed this as completed in #529 May 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dd32 dd32

Labels
Enhancement
Projects
None yet
Milestone
0.9.0
3 participants
@iandunn @dd32 @jeffpaul