[openstreetmap-website] Implement optional two-factor authentication (#979)

Tom Hughes notifications at github.com
Fri May 29 16:37:30 UTC 2015

Unless we actually have a volunteer to do the work then I can't see this happening in the near future. I also worry about the extra support load it would inevitably create - we just don't have the resources to build and run such a system.

Yes actually adding TOTP might (I haven't looked into it so I don't know) be easy, but once you have that you also need to build a vastly more sophisticated account recovery system, otherwise you might as well not have it because the account recovery will be far weaker than the actual login. There's a reason other sites won't let you setup two factor until you've setup things like SMS for recovery.

People that want it can already get it anyway, by using an external authentication provider that supports it.

Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20150529/9ca86fe2/attachment.html>

More information about the rails-dev mailing list