Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users deleting 2fa without removing backup keys #28

Open
MaxHayman opened this issue Sep 17, 2020 · 2 comments
Open

Users deleting 2fa without removing backup keys #28

MaxHayman opened this issue Sep 17, 2020 · 2 comments

Comments

@MaxHayman
Copy link

Hey,

I get A LOT of support requests from people who remove otp but forget to remove backup keys and log out.

Can we have some option which requires Backup keys to be removed before or when they remove OTP?
@paul999
Copy link
Owner

paul999 commented Sep 20, 2020

Hmm, I am not fully sure what the best way to solve is. Technically, it is a perfect valid situation to just have backup keys, so I don't want to really force it to have them deleted. But I can see how it might be causing issues. I will need to think a bit more about this

@Aminuxer
Copy link

Aminuxer commented May 5, 2022

Static backup keys for users without main 2FA secrets can be found by this SQL query:

SELECT t1.*
FROM `phpbb_tfa_back_reg` t1
WHERE t1.user_id NOT IN
     (SELECT DISTINCT t2.user_id FROM phpbb_tfa_otp_reg t2)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@paul999 @MaxHayman @Aminuxer