Follow-up from "Extend notifications and audit events for OTP and WebAuthn disablement"
The following discussion from !206605 (merged) should be addressed:
-
@eduardosanz started a discussion: (+3 comments) suggestion (non-blocking): I would suggest a more compact sentence, like: 'Your WebAuthn device
Mac TouchIdhas been deleted from...`. We do something like that for access tokens. -
make the message more compact -
Add, if necessary, additional information like GitHub
When the OTP is the only 2FA and it is removed:
-
Make sure that the 2 emails are sent: disable 2FA and remove OTP -
Make sure that recovery codes are reset.
Edited by Jio Castillo