Interrupt user to confirm recovery options

Problem to solve

Users set up 2FA but don't keep/have recovery codes when needed

Background

For more background, see #211755 (closed)

Proposal

Extend the idea behind #30065 (closed). From #211755 (comment 344566294) and #211755 (comment 346030363)

Instead of a simple banner reminder, 'interrupt' the user with a quick page dedicated to it so it can't be ignored

Possibly add wording that account recovery may not be possible depending on the hosting company's policy. Also suggested in #219050 (closed)

Possible future iteration: being able to set dates for specific intentional moments:

  • Around holiday season when many people change phones
  • Around new iPhone release
  • Target "high risk" users: prompt when they're registering for a paid service

Documentation

Potentially add a note: https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html

Availability & Testing

What does success look like, and how can we measure that?

Fewer 2FA account tickets and issues

Edited by Cynthia "Arty" Ng