Affects Version/s: None
Fix Version/s: None
Component/s: Application Security > Multi-Factor Authentication
- All types of Administrators and End Users may be able to use a backup code to sign into the system.
- Backup codes
- can be seen and used only if the MFA is turned on,
- turning the MFA off and on again, the backup codes persist (no physical removal),
- can be generated by users on demand after some additional (password) verification,
- can be seen only once and so
- have to be saved ahead by the users in time and
- have expiration period.
- As a(n) End User/Instance Administrator/Portal-wide (Omni) Administrator, I want to be able to generate, save and use backup codes to login if I cannot pass any of the verification steps successfully because of any reasons.
- As a(n) End User/Instance Administrator/Portal-wide (Omni) Administrator, I do not want my backup codes to be able to be seen or track by anyone after I saved them to myself.