GustedJul 24, 2024

Oh no! a wild security feature for @forgejo has appeared that even Github doesn't have! https://codeberg.org/forgejo/forgejo/pulls/4662

#forgejo

[SEC] Add `totp_recovery_code` as SSH command

- When a person loses access to their TOTP (e.g. phone wiped) and didn't properly save their TOTP's scratch code they have to; they have to rely on the instance admins to authenticate with them that it is really their account, this can be a quite difficult and lengthy process to safely verify thi...

Codeberg.org
Show threadEfertone  

@Gusted Aweeesome, well done :)  

(tho I don't think "this is enabled by default" is the right approach for per-account settings, details under the PR)

Jul 25, 2024 at 12:12pmWeb