It's possible to disable 2FA/MFA by querying the database? #14519
-
|
Altough the procedure is clear and well translated... Someone lost his 2FA/MFA OTP without backing up their codes... 🤦♂️ |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
I think we need to touch the database directly. However, if it is not possible to confirm the identity of the person for security reasons, I don't think it should be done. データベースを直接触る必要があると思う。ただし、セキュリティー的に確実に本人であると確認できないならやるべきではないと思う。 |
Beta Was this translation helpful? Give feedback.
-
|
I agree with you, could be dangerous if profile connected email gets hacked. BTW if administrators have evidence by profile's owner identification, 2FA/MFA should be allowed to be revoked. 私も同意します。プロファイルに関連付けられたメールがハッキングされた場合は危険です。ちなみに、管理者がプロファイルの所有者識別による証拠を持っている場合は、2FA/MFA を取り消すことができるはずです。 |
Beta Was this translation helpful? Give feedback.
I think we need to touch the database directly. However, if it is not possible to confirm the identity of the person for security reasons, I don't think it should be done.
データベースを直接触る必要があると思う。ただし、セキュリティー的に確実に本人であると確認できないならやるべきではないと思う。