Why isn't there an automated MFA reset process?

thuannguy · September 10, 2020, 2:57pm

According to Is there an automated MFA reset process?, there isn’t a way for end users to do self-service MFA reset. Instead, Auth0 provides API that I can use to build a reset feature myself. My security concern about doing that is: why didn’t Auth0 provide that feature out of the box? Isn’t being able to log in using a recovery code enough to prove who the user is? What are the security concerns that prevent Auth0 from making such MFA reset feature?

Thank you

dan.woda · September 11, 2020, 4:37pm

Hi @thuannguy!

Thanks for the feedback. This seems like as much a question as it is a feature request. Would you please take a moment to submit this to our feedback page? This is a direct line to our product team, the folks who make these types of decisions. Thanks!

Dan

dan.woda · September 25, 2020, 8:37pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.