Improve 2FA setup story #6
Description
- pas.plugins.tfa version: all
- Plone Version: Classic 5.2/6.x
- Python version: 3+
- Operating System: Linux
Description
The current setup story for 2FA in the plugin is crude:
- Install pas.plugins.tfa addon
- Enable 2FA in user preferences
- User does this via their profile or;
- Administrator can set it via the Users control panel
- When a user logs in the first time after enabling they are presented with a QR code & entry form for a 2FA app
Proposal
In order to improve the usability of the plugin, I propose the following:
- Create a 'Setup 2FA' user action
- This provides a more intuitive way for users to set their 2FA up
- More in keeping with other SaaS products that provide 2FA
- Create a custom QR widget
- The existing widget is just an input widget forced to display mode
- Add clear instructions on setting up 2FA
- Create a 2FA control panel
- Allow administrators to enable global 2FA