Enhancements to `2fa_recovery_codes`
Description
Currently the `2fa_recovery_codes` mechanism only requires access to a user's private SSH key to regenerate new 2FA codes. In many cases this is low risk; however, the impact can be further reduced, so that it is limited to more extreme cases, with the following enhancements.
Proposal
- Require the current user password to be verified before generating codes. This will reduce the impact of accidental SSH key leaks.
- Generate an email to the user indicating that new codes were generated using this method. This is a standard practice when authentication settings are modified.
- Record the generation of new codes in a user-accessible way; for example, displayed as an entry in the user's "Authentication Log".
Links / references
Edited by Antony Saba
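The three proposed controls combined in one flow, as an added sketch that is not GitLab's code: every name here (`Account`, `regenerate_recovery_codes`, the in-memory `auth_log` and `outbox` standing in for the Authentication Log and the mailer) is hypothetical. The count of 10 codes and the logging of denied attempts are assumptions of the example.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical in-memory account model; these are not GitLab's classes.
Account = Struct.new(:email, :salt, :password_digest, :code_digests, :auth_log, :outbox)

PBKDF2_ITERATIONS = 100_000

def digest_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
end

def new_account(email, password)
  salt = SecureRandom.random_bytes(16)
  Account.new(email, salt, digest_password(password, salt), [], [], [])
end

# Compare digests without returning early on the first differing byte.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Called after SSH key authentication has already succeeded, so the key
# alone is no longer sufficient to rotate the recovery codes.
def regenerate_recovery_codes(account, password, source_ip:)
  candidate = digest_password(password.to_s, account.salt)
  unless constant_time_eq?(candidate, account.password_digest)
    # Assumption: failed attempts are logged too, so the user can see them.
    account.auth_log << { event: :recovery_codes_denied, via: :ssh, ip: source_ip, at: Time.now.utc }
    return nil
  end

  codes = Array.new(10) { SecureRandom.hex(8) } # assumed count and format
  # Store digests only; replacing them invalidates all earlier codes.
  account.code_digests = codes.map { |c| OpenSSL::Digest::SHA256.hexdigest(c) }
  # Proposal item 3: user-visible Authentication Log entry.
  account.auth_log << { event: :recovery_codes_regenerated, via: :ssh, ip: source_ip, at: Time.now.utc }
  # Proposal item 2: notify the account owner by email.
  account.outbox << { to: account.email, subject: 'Two-factor recovery codes were regenerated over SSH' }
  codes
end
```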