-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Log 2FA activities #20
Comments
Depending on if we allow it or not:
I also wonder if we want to log the password reset due to 2FA failure, as per: WordPress/two-factor#482 |
Yeah, those are good ideas 👍🏻 |
I think this would make sense to Contribute upstream to Stream, so I've opened xwp/stream#1386 |
A lot of the potential logging hooks would move with the introduction of WordPress/two-factor#504, so probably worth waiting until that is merged before attempting to add in any new hooks. |
@pkevan |
Decision needed: is this a blocker for launching the MVP, or should we punt it to the next iteration? |
I think we can punt to clearly indicate that it's not a blocker for the MVP. If it merges before we launch, though, then we can definitely include it. |
I've started some some logging via WordPress/wporg-mu-plugins#643 Included (as of right now)
Things not covered (yet?)
|
Not sure if it works like this, but the logging question got me thinking about how we tell the user about the status of their backup codes. Should there be a prompt once you get below a certain threshold, or run out to direct the user to regenerate them before locking themselves out? Be interesting to see how often backup codes are used generally, maybe with an MC stat or similar. |
I was thinking that the interstitial added via WordPress/wordpress.org#351 could be extended to:
I agree, a MC stat of auths per day by type would be potentially useful. |
Part of the problem with potentially over-prompting is that they become irrelevant, and also, if we're doing something different to other services, the users will probably be annoyed by them! Just thinking how many times i've been prompted to either check my settings or what methods are valid - it's probably close to zero times, unless being forced to change the method of auth. |
Yep, totally agree with you! Apparently GitHub does a 1-month after 2FA enable to verify the settings are expected, which is probably enough to prompt/remind you that "oh.. I think i threw that scrap of paper out.." or "I was going to add that extra key later and never did.." WordPress Core does annual "Is your email up to date?" notices too, which is super rare enough. Perhaps that kind of thing would be worth doing additionally if it was 6mth+ since last login or so. |
Never got one of these afaik |
It's disabled on WordPress.org, and is specifically for the main WordPress site admin email, not the account emails. Turns out that's every 6 months. |
It'd be good to log Stream or MC events when:
That way we have an audit trail to help if an account is compromised, and have stats around how often recovery is needed, etc.
Related WordPress/two-factor#462, WordPress/two-factor#476
It may be best to add something like
do_action( 'two_factor_log', $event )
upstream, and that could be used for those issues above and for this issue. Having a centralized action would let this plugin automatically log new events that are added upstream, but we still conditionally ignore them if we wanted to.The text was updated successfully, but these errors were encountered: