Account Recovery Process #15133
Labels
needs discussion
a product management/policy issue maintainers and users should discuss
security
Security-related issues and pull requests
Comments
miketheman
added
needs discussion
miketheman
changed the title
|
@tarekziade Thanks for inquiring! One of the key features of the recovery codes is to not lose them. Treat them like exactly what they are - recovery codes. In the catastrophic event that the user has lost their 2FA method, account recovery codes are there to help. Losing them doesn't accomplish the goal. However, if you're thinking of other account recovery processes, happy to hear a proposal! |
|
Closing this discussion due to lack of response and the addition of staffing that have been handling account recovery processes. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Would it be possible to implement a password reset process for users that are locked out of their 2FA with recovery codes lost? Right now the manual recovery process takes several months which can be problematic if you need to update a package that has a security issue.
GH uses SSH keys, or previously used devices techniques, see https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials#requesting-help-with-two-factor-authentication
Happy to help implementing something, or contributing in any way
Thanks
Originally posted by @tarekziade in #14010 (comment)
The text was updated successfully, but these errors were encountered: