On Tue, Mar 17, 2020 at 05:45 Marco Agostini <[email protected]> wrote:

> ----- Original message -----
> > From: "ccoborgers" <[email protected]>
> > To: "user" <[email protected]>
> > Sent: Tuesday, March 17, 2020 10:29:35
> > Subject: Re: Is it possible to reset otp 2fa data for one single user
> >
> > Thanks :)
> >
> > I was looking for such a SQL statement
> >
> > But is it OK, or better, is it safe enough to delete only the confirmation
> > flag without clearing the secret?
> >
>
> Depends if your user has lost the phone :-)
> In that case I prefer to destroy the user and recreate it.
>

I'm not sure about deleting the entire user account, but you can clear out the TOTP secret attribute and this will result in the user getting prompted to reconfigure TOTP with a fresh secret key, which is certainly more secure. If the user is doing something like switching phones or wants to add another device with the same TOTP key, clearing the confirm flag may be sufficient.

Related to this, there is a JIRA issue for this functionality in the admin interface - you're definitely not the first to request it. I've got it mostly working - pull request is under review:

https://issues.apache.org/jira/browse/GUACAMOLE-770
https://github.com/apache/guacamole-client/pull/495

-Nick
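The two resets discussed in this thread, written out as SQL. This is an added example, not part of the original messages or the project's own code. It assumes the Guacamole JDBC authentication schema (tables `guacamole_entity`, `guacamole_user`, `guacamole_user_attribute`) and the TOTP extension's attribute names `guac-totp-key-secret` and `guac-totp-key-confirmed`; check both against your installed version. The username `jdoe` is a constructed placeholder.

```sql
-- Added example. Table and attribute names are assumptions (see lead-in);
-- 'jdoe' is a constructed username. Run exactly ONE of option A or option B.
BEGIN;

-- Option A: lost or untrusted device. Remove the stored secret and its
-- confirmation flag so the user is prompted to enrol with a fresh secret.
-- Codes generated from the old secret no longer match anything stored.
DELETE FROM guacamole_user_attribute
 WHERE attribute_name IN ('guac-totp-key-secret', 'guac-totp-key-confirmed')
   AND user_id = (SELECT u.user_id
                    FROM guacamole_user u
                    JOIN guacamole_entity e ON e.entity_id = u.entity_id
                   WHERE e.type = 'USER' AND e.name = 'jdoe');

-- Option B: device swap or additional device. Clear only the confirmation
-- flag. The SAME secret stays in place, so any device that already holds it
-- (including a lost phone) keeps producing valid codes.
UPDATE guacamole_user_attribute
   SET attribute_value = 'false'
 WHERE attribute_name = 'guac-totp-key-confirmed'
   AND user_id = (SELECT u.user_id
                    FROM guacamole_user u
                    JOIN guacamole_entity e ON e.entity_id = u.entity_id
                   WHERE e.type = 'USER' AND e.name = 'jdoe');

-- Verify before committing: after option A this returns no rows; after
-- option B it returns the secret row plus a 'false' confirmation row.
SELECT a.attribute_name,
       CASE WHEN a.attribute_name = 'guac-totp-key-secret'
            THEN '<redacted>' ELSE a.attribute_value END AS attribute_value
  FROM guacamole_user_attribute a
  JOIN guacamole_user u   ON u.user_id = a.user_id
  JOIN guacamole_entity e ON e.entity_id = u.entity_id
 WHERE e.type = 'USER' AND e.name = 'jdoe'
   AND a.attribute_name LIKE 'guac-totp-%';

COMMIT;
```

The verification query redacts the secret so it does not end up in terminal scrollback or query logs.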
