Allow account recovery via SMS with 2FA enabled
Problem
Users should be as self-sufficient as possible when managing their account. This takes pressure off instance administrators when users may lose access to their account and unwittingly put it into an unrecoverable state when using 2FA.
A typical recovery approach is to allow a user to provide a phone number associated with their user account and allow recovery via SMS message. We should consider adding similar support for account recovery via SMS in GitLab.
Proposal
- Allow SMS account recovery to be enabled or disabled in the admin panel.
- When enabled, allow a user to specify a phone number as a recovery option when 2FA is enabled.
Other
GitHub: