Recovery method for 2FA

Use case or problem

Recover account when 2FA is unavailable

Proposed solution

Backup codes generated at time of 2FA setup. Offer download button to store 10 auto-generated backup codes as plaintext file in downloads folder. Ask user to use a code before they are allowed to enable 2FA to ensure they have the codes. Allow new codes to be generated whenever thereafter they are logged in.

Related feature requests

5 Likes
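A sketch of the backup-code flow proposed above, as an added example that is not part of the original post and not Obsidian's code. The class name, the 16-character code format, the alphabet and the salted SHA-256 storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 10   # the proposal asks for 10 codes
CODE_LEN = 16     # assumption: 16 characters, shown as XXXX-XXXX-XXXX-XXXX
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # no 0/O or 1/I/L look-alikes

class BackupCodes:
    """Backup-code state for one account (in-memory stand-in for a DB row)."""

    def __init__(self):
        self.salt = b""
        self.unused = set()        # salted hashes of codes not yet spent
        self.twofa_enabled = False

    def _hash(self, code):
        # Accept the code however the user typed it: dashes, spaces, lower case.
        normalised = code.replace("-", "").replace(" ", "").upper()
        return hashlib.sha256(self.salt + normalised.encode()).hexdigest()

    def _find(self, code):
        candidate = self._hash(code)
        hits = [h for h in self.unused if hmac.compare_digest(h, candidate)]
        return hits[0] if hits else None

    def generate(self, logged_in):
        """Issue a fresh set and return the plaintext once, for the download file."""
        if not logged_in:
            raise PermissionError("codes are only issued to a logged-in session")
        self.salt = secrets.token_bytes(16)
        raw = ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
               for _ in range(CODE_COUNT)]
        self.unused = {self._hash(c) for c in raw}   # replaces any earlier set
        return ["-".join(c[i:i + 4] for i in range(0, CODE_LEN, 4)) for c in raw]

    def confirm_and_enable(self, code):
        """Enable 2FA only after the user proves they kept the codes."""
        if self._find(code) is None:
            return False
        self.twofa_enabled = True   # assumption: confirming does not spend the code
        return True

    def redeem(self, code):
        """Recovery login: a code works once, then it is discarded."""
        hit = self._find(code)
        if hit is None:
            return False
        self.unused.discard(hit)
        return True
```

The server keeps only the salted hashes, so the plaintext exists only in the file the user downloads. A deployed version would also rate-limit `redeem` attempts per account.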

You can store this code and re-import it into any 2FA app, which negates the need for any other backup code.

This solves the user story of “A user has lost access to their 2FA device and needs a way to regain access to their Obsidian account.”

As the code above can be backed up and allow users to regain access to their account, adding the 10 auto-generated codes seems redundant and unnecessary dev work.

It is for when you don’t have your OTP code generating device; sometimes you might still need access, and writing down the seed or the backup code are equally secure.

2 Likes

which negates the need for any other backup code.

No, sorry, that is incorrect. The 2-factor code implementation could fail due to a glitch in the solution or some other problem with communication. You might lose access to your 2-factor codes. You always need a backup in case something goes wrong. There are real reasons why backup codes are offered with many 2-factor implementations.

2 Likes

Same issue for me now. The 2FA code I had saved for some reason will not work, so my account cannot be accessed even with a reset of a password.

Just encountered the same issue myself and had to contact Obsidian support (who were quite helpful) to regain full access to my account, though I was lucky to have made my account very recently, otherwise I may have forgotten some of the details required for retrieval.
I think backup codes are a necessity for a 2FA system.

1 Like