miketheautomater Posted January 17
Please add TOTP secret key change history to Passwords. Please add audit logging for when the TOTP secret key is revealed/viewed/copied (just like passwords are).
This is important because in a system with 700+ users, if someone accidentally edits the TOTP secret key or removes it, there is no way to recover it and you might be permanently locked out of an account, if that account does not have any other 2FA methods configured. Some enterprise systems like Microsoft Entra do not issue TOTP one-time account recovery codes.
When users share passwords that have TOTP enabled on them, the TOTP secret key could be copied to a different authenticator app. Since the TOTP secret key is sensitive, it should be treated like a password from an auditing and who-knows-it perspective.
Digital Dynamics Posted January 27
+1
support Posted January 28
Thanks for your request. Until we provide this feature, the way to recover any accidentally changed/deleted OTP secrets is to restore a backup of your database - which can also be done to a test system.
Regards
Click Studios
Digital Dynamics Posted February 18
Great to see the audit log feature added *chefs kisses*
support Posted February 18
Goossens Posted March 19
+1