Allow auto-save password if 2FA used

Church Account is the primary user account (user name and password) for accessing online Church resources. Church Account was formerly known as LDS Account. This forum is a space to discuss all things related to Church Accounts (registration, account recovery, user experience, vulnerabilities, etc.).
Post Reply
ScottDRichards
New Member
Posts: 1
Joined: Thu Jan 19, 2017 5:15 pm

Allow auto-save password if 2FA used

#1

Post by ScottDRichards »

I didn't want to resurrect another thread https://tech.lds.org/forum/viewtopic.php?f=30&t=13147 but I think disallowing password saving should be reconsidered. My mom just chose a very secure password for her account and typing it in on the phone browser every time she wants to log in it is a pain (taking 4 or 5 tries). This has presented me with a few solutions: tell her to use an short simple password, set her up with lasspass, or just forgo using the website on mobile. I think that using 2-factor authentication should assuage any fears of sensitive data being accessible to other people. E.g., a computer that is accessed by a stake president and a ward member. Whenever sensitive data is requested, the website can immediately invalidate the session and re prompt for the 2FA token for an elevated session.

Alternatively, you can have users log in every month with their full password, and then use a PIN during the month to login.
Post Reply

Return to “Church Account”