On Mon, Jun 22, 2026 at 3:43 PM Daniel P. Berrangé <[email protected]> wrote:

>
> IMHO emailing admins is a process of last resort. You definitely need
> that to be possible, but you don't want users to have to use it as the
> primary process.
>
> When I talk of recovery tokens, I mean a system that is "self service"
> that does not create a burden / bottleneck on our admins long term.

I think that is a great goal, but how often does the
need to recover a token actually happen?[0]  Sure,
we only have a small number of people with 2FA
today, but the raw number of recovery incidents
should be helpful to know (and can be improperly
extrapolated to estimate the future load on
the admins).

Gary

[0] Depending on where you have your TOTP
token stored, some devices/services currently
backup that up to their own account backup
services (Authy, Apple, and Google (probably
others) enable backup of your tokens to their
various encrypted clouds, which (if you are
doing it right) have their own 2FA recovery
methods available to recover your account
and data).
-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to