Backup Code Login Method

  • Resolved jetxpert

    (@jetxpert)


    4 years, 10 months ago

    Good Day!

    The backup codes feature SiteGround introduced with V1.1.0 is great, but it’s a “bare bones” configuration that needs more pizzazz, more meat.

    Specifically:

    (1) Please enhance the backend section where the backup codes are being listed. For example, add an explanation and other features (e.g., print, download, etc.) to it as shown below (Reference: WordPress Security Article)

    njn4-YDTa-Qq6h6jwu-AAEB3w

    (2) If someone doesn’t have a copy, lost, nor has access to their backup codes, the current backup code system offered by SGS is useless. Recommend updating the login panel (bottom section) to replace the link “Login using backup codes” with the following:

    Or use a backup method:
* Use backup code
* Email verification code

    The key (enhancement) is: Email verification code which would be emailed to the account holder’s registered email.

    login-panel-backup-alternate

    Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Hristo Pandjarov

    (@hristo-sg)

    SiteGround Representative

    4 years, 10 months ago

    Number one is already in the works and will be soon available. As to number two, if someone has lost access to their 2FA device, they should contact the owner of the site to have their 2FA reset. If they are the owner of the site, in the next version it will be easy to have it reset through ssh/filter. Email is not a second factor and we will not add it as method of authentication.

    Thread Starter jetxpert

    (@jetxpert)

    4 years, 10 months ago

    @hristo-sg,

    As always, thanks for your help. In response:

    What do you mean by resetting the 2FA codes? In the case of your plugin, site owner’s cannot reset them. They are generated automatically by SiteGround in the background or by the Authenticator app. Looks like your filter will help.

    Concerning our other request, why wouldn’t SG implement emailing the 2FA code? Emailing the 2FA code or any other is also considered a 2FA method.

    Supporting Document: https://www.investopedia.com/terms/t/twofactor-authentication-2fa.asp

    Not having the ability to email the 2FA code or providing another frontend 2FA method to registered users is going to cause headaches for many users, including SiteGround.

    Cheers!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Backup Code Login Method’ is closed to new replies.