Ian Dunn

icon indicating a website link https://iandunn.name

icon location Seattle

Results 452 comments of Ian Dunn

Timestamp for QR and Backup Code keygen

Related #476 #526 #459 #462

Add e2e tests for critical paths

I haven't used it yet, so I'm open to someone more knowledgeable having a different opinion, but that sounds like a logical approach 👍🏻 It looks like that's also what...

Help folks choose which provider is right for them

Another way to display it might be a matrix: | Provider | Security | Setup | Convenience | | ------------- | ------------- | ------------- |------------- | | **Email** | Weak...

Link to vendor-agnostic page for buying a security key

https://fidoalliance.org/fido-certified-showcase/ might be a good one, but the number of options could be overwhelming for most folks. If we link there, we could add something like, "The most popular options...

Link to vendor-agnostic page for buying a security key

Yeah, I think that's a good idea 👍🏻

Assets URIs computed wrong if plugin is loaded from /vendor

`plugins_url()` is the conventional/official approach though, isn't it? Do other plugins do something different that doesn't conflict with `vendor` installs, or would you need the `prefix_fix_two_factor_asset_uris()` workaround for other plugins...

Clarify TOTP setup instructions

Yeah, that's a fair point 👍🏻

Document code coverage report

Thanks! It doesn't seem to be showing any reports, so I guess documenting should probably wait until it's configured 👍🏻 Related #468

Document code coverage report

Related #364

Warn if recovery mode available

You're right, I didn't say that clearly. What I meant was that, in the context of this plugin, an attacker could bypass 2FA if they have access to a compromised...