Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: 2FA switching phones is cumbersome #22572

Closed
simison opened this issue Feb 17, 2018 · 2 comments
Closed

Security: 2FA switching phones is cumbersome #22572

simison opened this issue Feb 17, 2018 · 2 comments
Labels
FixTheFlows Security [Type] Enhancement Changes to an existing feature — removing, adding, or changing parts of it

Comments

@simison
Copy link
Member

simison commented Feb 17, 2018
edited
Loading

Moving WP 2FA to a new phone is confusing and requires too much reading.

People who use WordPress are very likely to get a new phone every now and then.

Steps to reproduce

  1. Buy a new phone 📱✨ & have your old phone with you ☎️
  2. Go to https://wordpress.com/me/security/two-step
  3. Confirm that you have 2FA set up previously:
    image
  4. Since there's no indication how to move this to a new phone, I head over to Help. I try "2FA", "two factor"... no dice. I realise it's "two step..." which brings me to correct help article.
    image
  5. At the help article, I find "Moving to a New Device" among everything else.
  6. These are the steps I'm told to follow. There are 3 links (marked in bold here) to additional help sections.
    1. Print a set of backup codes for your user account by following the steps here. DO NOT SKIP THIS STEP.
    2. On your new device, install the authenticator app.
    3. Disable the Two Step Authentication link with your old device by following the steps here.
    4. Set up your user account to link to your new device by following the steps here.
    5. If you are prompted to enter your verification code, use a code from your list of backup codes. Backup codes are one-time use only.
    6. You can now uninstall the authenticator app from your old device.

What I expected

Some as easy and smooth way to add new phones as others have, e.g. Google:

image

What happened instead

I felt lost.
simison added a commit that referenced this issue Feb 17, 2018
@simison
Security: add instructions how to change phone for 2FA
4941244 
Links to a support article about moving 2FA to a new phone:

https://en.support.wordpress.com/security/two-step-authentication/#moving-to-a-new-device

Improves #22572
@simison simison mentioned this issue Feb 17, 2018
Merged
@rachelmcr
Copy link
Member

Absolutely agree. Should we reopen #19? That seems to cover the same issue you've reported here.

@rachelmcr rachelmcr added the [Type] Enhancement Changes to an existing feature — removing, adding, or changing parts of it label Feb 19, 2018
@simison
Copy link
Member Author

simison commented Feb 19, 2018

@rachelmcr totally, I'll close this one and re-open there. Thanks!

@simison simison closed this as completed Feb 19, 2018
simison added a commit that referenced this issue Feb 22, 2018
@simison
Security: add instructions how to change phone for 2FA (#22573)
7fe0f1e 
Links to a support article about moving 2FA to a new device:

https://en.support.wordpress.com/security/two-step-authentication/#moving-to-a-new-device

Improves: #22572
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
FixTheFlows Security [Type] Enhancement Changes to an existing feature — removing, adding, or changing parts of it
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@simison @rachelmcr