[keycloak-user] Reset OTP

Dumitru Sbenghe dsbenghe at gmail.com
Tue Jan 10 00:45:36 EST 2017


Hi,

Correct me if I'm wrong but as far as I see the only way to reset your
OTP is part of the reset password via email - optional feature (or disable
otp for that user in the admin ui) which seems to make the OTP usage as 2sv
heaps less secure than it should be considering that it can be reset
together with the password via email.

From reading the docs, to make a reset OTP via SMS for example, an
authentication SPI needs to be implemented, isn't it? Any plans to implement
a more secure OTP reset as a standard feature in Keycloak?

Thanks,
Dumitru

