Update: Forgot Password #1538
Labels
ACK_WAITING
Issue waiting acknowledgement from core team before to start the work to fix it.
HELP_WANTED
Issue for which help is wanted to do the job.
UPDATE_CS
Issue about the update/refactoring of a existing cheat sheet.
Comments
gl4nce
added
ACK_WAITING
|
Backup Codes are listed and described as example of Offline Methods https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html#backup-codes. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is missing or needs to be updated?
The section Offline Methods contains wrong information. The real-world examples are all leading to backup codes in connection with MFA, which is out of scope of this CS.
How should this be resolved?
The Section should be removed. AFAIK, there is no secure offline method for account recovery. Instead of removing it, this could be clearly stated there.
The text was updated successfully, but these errors were encountered: