Recover account when 2FA is unavailable
Backup codes generated at time of 2FA setup. Offer download button to store 10 auto-generated backup codes as plaintext file in downloads folder. Ask user to use an a code before they are allowed to enable 2FA to ensure they have the codes. Allow new codes to be generated whenever thereafter they are logged-in.
You can store this code and re-import it into any 2FA app, which negates the need for any other backup code.
This solves the user story of “A user has lost access to their 2FA device and needs a way to regain access to their Obsidian account.”
As the code above can be backed up and allow users to regain access to their account, adding the 10 auto-generated codes seems redundant and unnecessary dev work.
It is for when you don’t have your OTP code generating device, sometimes you might still need access and writing down the seed or the backup code are equally secure.
