Recover account when 2FA is unavailable
Backup codes generated at time of 2FA setup. Offer download button to store 10 auto-generated backup codes as plaintext file in downloads folder. Ask user to use an a code before they are allowed to enable 2FA to ensure they have the codes. Allow new codes to be generated whenever thereafter they are logged-in.
You can store this code and re-import it into any 2FA app, which negates the need for any other backup code.
This solves the user story of “A user has lost access to their 2FA device and needs a way to regain access to their Obsidian account.”
As the code above can be backed up and allow users to regain access to their account, adding the 10 auto-generated codes seems redundant and unnecessary dev work.
It is for when you don’t have your OTP code generating device, sometimes you might still need access and writing down the seed or the backup code are equally secure.
which negates the need for any other backup code.
No sorry that is incorrect. The 2factor code implementation could fail due to a glitch in the solution or some other problem with communication. You might lose access to your 2factory codes. You always need a backup in case something goes wrong. There are real reasons why backup codes are offered with many 2factor implementations.
Same issue for me now. The 2FA code I had saved for some reason will not work, so my account cannot be accessed even with a reset of a password.
Just encountered the same issue myself and had to contact Obsidian support (who ere quite helpful) to regain full access to my account, though I was lucky to have made my account very recently, otherwise I may have forgotten some of the details required for retrieval.
I think backup codes are a necessity for a 2FA system.
Hello,
Were you able to resolve the 2FA login issue by reaching out to Obsidian support? Any insights on your experience would be really helpful.
Thanks!
This is available now
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
