Some nuances to consider: Bitbucket requires 2FA resubmission to view/update settings, not just password reconfirmation.
Reconfiguration vs (re)adding a phone with the same key as before. * GitHub says "You’re about to change your two-factor authentication device. This will invalidate your current two-factor devices. This will not affect your recovery codes or fallback SMS configuration. Those can be updated on the two-factor settings page." * Bitbucket only lets you disable, then re-enable * Dreamhost has separate options to view your key, vs regenerate. I like this. Many sites will show you the text form of the key, so you can enter it manually. Not sure if this is really needed for anyone? Phones/apps without camera support? --- ** [tickets:#8117] Implement core 2FA** **Status:** in-progress **Milestone:** unreleased **Labels:** security **Created:** Mon Aug 15, 2016 03:54 PM UTC by Dave Brondsema **Last Updated:** Mon Aug 15, 2016 03:54 PM UTC **Owner:** Dave Brondsema This ticket is for the essential functionality for TOTP 2FA, separate tickets for other aspects Some details at http://mail-archives.apache.org/mod_mbox/allura-dev/201608.mbox/%3C28c7a399-86c5-5d75-dde4-2ab54fe7b3e4%40brondsema.net%3E --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.