Why isn't there an automated MFA reset process?

According to Is there an automated MFA reset process?, there isn’t a way for end users to do self-service MFA reset. Instead, Auth0 provides API that I can use to build a reset feature myself. My security concern about doing that is: why didn’t Auth0 provide that feature out of the box? Isn’t being able to log in using a recovery code enough to prove who the user is? What are the security concerns that prevent Auth0 from making such MFA reset feature?

Thank you :slight_smile:

1 Like

Hi @thuannguy!

Thanks for the feedback. This seems like as much a question as it is a feature request. Would you please take a moment to submit this to our feedback page? This is a direct line to our product team, the folks who make these types of decisions. Thanks!


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.