Best practise for setting up another user's 2FA?

[JayGee]

What's the best process for adding another user with TfaTotp 2FA? Just using it for the first time.

Should I supply them with them with the secret when I first create their account? Seems like a security risk?

Otherwise how do I create a 2FA user and let them login for the first time?

[adrian]

You create the user and then follow the instructions in this post https://processwire.com/blog/posts/pw-3.0.159/ which explains how to force the user to set up 2FA themselves.

[JayGee]

6 hours ago, adrian said:

You create the user and then follow the instructions in this post https://processwire.com/blog/posts/pw-3.0.159/ which explains how to force the user to set up 2FA themselves.

Ok I was only on latest master. Have updated and now have the options screen in that blog post.

But unless I'm thick I still can't figure out how to force TOTP? I see you can 'strongly suggest'.

I see Ryan wrote

Quote

ProcessWire hasn’t had an option to force users to use two-factor authentication, but likely will by next week. 

Has it just not happened yet?

[adrian]

6 hours ago, Guy Incognito said:

Has it just not happened yet?

Not certain, but it sounds like it hasn't made it in yet - sorry, I forgot that feature wasn't in yet.

[JayGee]

3 minutes ago, adrian said:

Not certain, but it sounds like it hasn't made it in yet - sorry, I forgot that feature wasn't in yet.

No probs thanks for your help. This is the first time using PW 2FA on a client project and just making sure I get my facts straight before looking like a fool ?

[JayGee]

I think I can also implement pseudo enforcement by not dishing out roles to users until they opt into the suggest 2FA. ?