Page 1 of 1

Allow auto-save password if 2FA used

Posted: Thu Jul 06, 2017 1:18 pm
by ScottDRichards
I didn't want to resurrect another thread but I think disallowing password saving should be reconsidered. My mom just chose a very secure password for her account and typing it in on the phone browser every time she wants to log in it is a pain (taking 4 or 5 tries). This has presented me with a few solutions: tell her to use an short simple password, set her up with lasspass, or just forgo using the website on mobile. I think that using 2-factor authentication should assuage any fears of sensitive data being accessible to other people. E.g., a computer that is accessed by a stake president and a ward member. Whenever sensitive data is requested, the website can immediately invalidate the session and re prompt for the 2FA token for an elevated session.

Alternatively, you can have users log in every month with their full password, and then use a PIN during the month to login.