User should be prompted for 2-f everytime he auths to a site requiring 2-f
Bug #932907 reported by
David Owen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical SSO provider |
Confirmed
|
Medium
|
Unassigned | ||
Bug Description
This is in contrast to marking the user's session as being 2-f upgrade, and just letting it go through. This would be a little better security, and more inconvenient.
If this approach is selected, I think it makes sense to keep the flow as 1) indicate permission for site, 2) enter 2-f code. See bug #930215.
| Changed in canonical-identity-provider: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| Changed in canonical-identity-provider: | |
| milestone: | 2-factor-internal-rollout → 2-factor-post-rollout |
| Changed in canonical-identity-provider: | |
| milestone: | 2-factor-post-rollout → none |
To post a comment you must log in.
