I have integrated account-2fa of meteor into my project and everything going well,
I have two questions:
1)is it possible to generate backup codes, is this something I have myself to integrated or does Meteor have a built in 2fa function that does that?
2)why is it not possible to use Accounts.disableUser2fa when user is not logged in
I’m asking this for the purpose of resetting 2fa incase user lost ability to his authenticator app codes
1 - Today, this is something that you need need to create and manage yourself.
2 - It’s for security reasons. If there was a way to disable the user 2fa without having the user logged in, anyone could disable the 2fa of any account. So 2fa would become useless. But, if you want to have this ability on your app as an admin, the code is simple as this. You just need to unset the
services.twoFactorAuthentication from the user of your choice. But this ability should never be exposed to normal users on your app.