Send two factor authentication code by email instead of using app

  • Resolved blizzardco

    (@blizzardco)


    6 years ago

    Hi !

    I’m trying to ease the log in steps for my client.
    I’d like to keep the two factor authentication but it would be easier if they don’t have to use an authentication app.

    So i’d like to know if there is another way of sending the codes. Perhaps by sending an e-mail to the user’s address.

    Thanks in advance for your time !
    Alex

Viewing 1 replies (of 1 total)
  • WFGerroald

    (@wfgerald)

    5 years, 11 months ago

    Hey @blizzardco,

    Thanks for the feedback!

    This isn’t a feature we currently support, although there is a feature request for it.

    With that said, the reason why it’s not currently implemented is that email is much more insecure than using a device with a TOTP app. Our previous version of 2FA did support this, but we removed it due to the nature of it being insecure. Partly because WordPress passwords can reset by email (an email compromise would compromise both factors for the user’s sites).

    However, I’ll share your thoughts and add a link to this thread in the feature request so we can update you if there is any movement.

    Please let us know if you have any other thoughts, or if anything else comes up.

    Thanks,

    Gerroald

    • This reply was modified 5 years, 11 months ago by WFGerroald.
Viewing 1 replies (of 1 total)

The topic ‘Send two factor authentication code by email instead of using app’ is closed to new replies.