{"id":6631,"date":"2021-05-10T17:28:07","date_gmt":"2021-05-10T14:28:07","guid":{"rendered":"https:\/\/mummila.net\/kommentit\/?p=6631"},"modified":"2021-05-10T17:28:07","modified_gmt":"2021-05-10T14:28:07","slug":"no-backup-recovery-code-mechanism-for-mfa","status":"publish","type":"post","link":"https:\/\/mummila.net\/kommentit\/2021\/05\/10\/no-backup-recovery-code-mechanism-for-mfa\/","title":{"rendered":"No backup\/recovery code mechanism for MFA"},"content":{"rendered":"

Summary<\/h4>\n

After setting up multi-factor authentication, losing the authentication code-generating device means losing access to the Mattermost account. While having MFA is excellent, I’m afraid to set it up for my admin user account (which is the one most critically needing it), because there’s no recovery mechanism in case I lose my authenticator device.<\/p>\n

Steps to reproduce<\/h4>\n
    \n
  1. Enable up multi-factor authentication in the System Console<\/a><\/li>\n
  2. Configure 2FA with an authenticator app on your phone<\/li>\n
  3. Break\/lose\/have your phone stolen<\/li>\n
  4. Try to log in<\/li>\n<\/ol>\n

    Expected behavior<\/h4>\n

    Have a ”use a backup code instead” link next to the MFA token prompt.<\/p>\n

    Observed behavior (that appears unintentional)<\/h4>\n

    There’s no alternative way to provide the MFA. You can not log in.<\/p>\n

    Possible fixes<\/h4>\n

    None available AFAICT. There’s no way to\u00a0add security keys as alternatives<\/a>\u00a0either.<\/p>\n

    There’s an existing Jira ticket ticket about this<\/a>\u00a0(and it’s linked to\u00a0an abandoned PR<\/a>), but it’s closed as ”moved to ProductBoard<\/a>\u00a0for prioritization”, and I don’t know what’s happened since then, as I don’t have access to ProductBoard (that I know of).<\/p>\n

    Mattermost version<\/h4>\n

    v5.34.2<\/p>\n","protected":false},"excerpt":{"rendered":"

    Losing the MFA device means losing access to the account. I’m afraid to set it up for my admin account, which is the one most critically needing it.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8860],"tags":[14049,19],"class_list":["post-6631","post","type-post","status-publish","format-standard","hentry","category-vianhallintajarjestelmat","tag-mattermost","tag-security","sijainti-github"],"_links":{"self":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts\/6631","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/comments?post=6631"}],"version-history":[{"count":3,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts\/6631\/revisions"}],"predecessor-version":[{"id":6634,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/posts\/6631\/revisions\/6634"}],"wp:attachment":[{"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/media?parent=6631"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/categories?post=6631"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mummila.net\/kommentit\/wp-json\/wp\/v2\/tags?post=6631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}