oreoshake/gist:d6936d8ef61ee1cbf42bc836515743e4

Last active July 31, 2017 20:54

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/oreoshake/d6936d8ef61ee1cbf42bc836515743e4.js"></script>
Save oreoshake/d6936d8ef61ee1cbf42bc836515743e4 to your computer and use it in GitHub Desktop.

Download ZIP

2fa flow

Raw

gistfile1.md

Current way:

User starts the flow
sudo challenge (https://github.com/blog/1513-introducing-github-sudo-mode)\*
scan totp seed
confirm totp seed
Download recovery codes / confirm backup number / enroll in delegated recovery (one or more)

User "prints recovery codes
User copies recovery to clipboard and stores elsewhere
User downloads a file containing the recovery codes
User provides phone number verified by code delivered via SMS
User enrolls in delegated recovery with facebook

Confirm recovery saved (options 1-3 above require manual confirmation)
🔒

Proposed way:

User starts the flow
sudo challenge (https://github.com/blog/1513-introducing-github-sudo-mode)\*
Download recovery codes / confirm backup number / enroll in delegated recovery (one or more)

User "prints recovery codes
User copies recovery to clipboard and stores elsewhere
User downloads a file containing the recovery codes
User provides phone number verified by code delivered via SMS
User enrolls in delegated recovery with facebook

scan totp seed
confirm totp seed
🔒

sudo mode requires that a password has been entered recently.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment