Two Factor Authentication

No need for the trello link anymore, the roadmap also exists on the homepage now with more information and launch history. :ok_hand:

2 Likes

Obsidian accounts now support two-factor authentication. To enable, go to your account settings at obsidian.md/account.

It currently can be tested by insiders only.
Make sure you’ve installed the insider build v1.4.5+ and the mobile app v1.4.8+ before enabling 2FA on your account to avoid getting locked out.

6 Likes

Yay! Do we have a rough idea of when the first public 1.4 release comes? Nothing exact but it is likely to be September or will it be longer?

Well, if I had only held my tongue…

It is released! I have just enabled it :+1: Thanks, all!

1 Like

Strange, this is the first site that offers 2FA that doesn’t also offer a backup method, e.g. 10 recovery codes. And I’ve enabled 2FA for maybe 50+ sites since day 1.

Unique and unsettling…

sure, open a feature request for that.

1 Like

sigh
No. It’s not unique. I have dozens of accounts with 2FA, only 1/3 of which have backup codes.
Included in the set of accounts that don’t offer backup codes? Paypal. This comment is pure FUD.

2 Likes

Same lol. It’s not unique at all

Learn to read before accusing me of FUD. “Recovery codes” was an example

Again, plenty of sites unfortunately offer no recovery method. I hope this changes for all sites, including this one. I’ll open a feature request if someone hasn’t already. Recovery method for 2FA

1 Like

@obsequious just store the secret which is provided when you set up the 2FA. You can re-import it into any 2FA app.

That’s the only “backup code” you need, the rest are completely redundant and unnecessary.

(Happy to be corrected if anyone can provide a reason for needing a separate backup code.)

1 Like

It is for when you don’t have your OTP code generating device, sometimes you might still need access and writing down the seed or the backup code are equally secure.

But if you’re using Obsidian, then by definition you are on a device and can import that code into a 2FA app and you’re good to go.

I’m thinking in terms of “recovery”. If you’re thinking of your workflow involving paper codes to get access when you don’t have your code-generating-device … I guess the backup codes are useful, but that might be a less common workflow.

But what is the downside? It also might reduce Obsidian support calls from people who don’t backup their seeds as has been the case for presumably every other service that has OTP support. The backup codes can be just as secure if they are as long as your seed (or you could make them even longer).

Takes development time and effort, and is unnecessary as backing up the already-provided code allows the same recovery as backing up the 8 digit codes.

Give me a list of well-known sites that don’t offer a backup/recovery method instead of hand-waving

@obsequious Obsidian already offers a backup/recovery method. All you need to do is backup the code provided during setup, and you can recover it in any 2FA app at any time in the future.

I agree that a 2FA token is backup-able by nature. To me a “backup code” is much more applicable when one has the option to use a hardware key (such as Yubikey) since it can quite literally be lost.

I would love hardware tokens as an option, as I said in the initial post / request of this thread, and thus backup codes would be quite mandatory too. But that will be a future feature change / improvement!

I am quite happy with a 2FA token! Significant upgrade from the total lack of option beforehand :+1:

1 Like
