28 lines
1.0 KiB
Markdown
28 lines
1.0 KiB
Markdown
|
# Enable Two-Factor Authentication
|
||
|
|
|
||
|
|
**ID:** EU-004
|
||
|
|
**Priority:** High
|
||
|
|
**Status:** Planned
|
||
|
|
|
||
|
|
## User Story
|
||
|
|
As an end user, I want to enable two-factor authentication on my account so that my account is protected even if my password is compromised.
|
||
|
|
|
||
|
|
## Acceptance Criteria
|
||
|
|
- [ ] User can enable 2FA from account settings
|
||
|
|
- [ ] Support for TOTP apps (Google Authenticator, Authy, etc.)
|
||
|
|
- [ ] Backup codes are generated and shown once during setup
|
||
|
|
- [ ] User must verify 2FA code during setup to confirm it works
|
||
|
|
- [ ] Login flow prompts for 2FA code when enabled
|
||
|
|
- [ ] User can disable 2FA (requires current 2FA code)
|
||
|
|
- [ ] Account recovery option if 2FA device is lost
|
||
|
|
|
||
|
|
## Technical Notes
|
||
|
|
- Mobile verification infrastructure exists (SMS OTP in registration)
|
||
|
|
- Can leverage existing `smarttwilio` integration for SMS-based 2FA
|
||
|
|
- TOTP implementation needs `otplib` or similar library
|
||
|
|
- Store encrypted TOTP secret in User model
|
||
|
|
- Consider supporting multiple 2FA methods (TOTP, SMS, security keys)
|
||
|
|
|
||
|
|
## Related TODOs
|
||
|
|
- New feature - no existing TODO
|