Hi,
We’re looking into paper tokens as backup for when OTP apps / phones fail or yubikeys are lost.
Is there a way to limit the amount of tokens on the list of the paper token?
99 seems like an unnecessarily large number.
Gitlab gives a list of 10 2fa backup codes for example…
Cheers,
Johannes
The paper token is not designed as backup codes.
It is designed as a TAN list. This is why it defaults to 100!
Do never ever compare privacyIDEA to gitlab!
Of course you can use a policy to change this number.
Well,
Maybe there is a better option to serve as “backup codes”?
And yes, I know having two factor in the same doesn’t make sense etc pp. But idea of a small number of otps is not wrong?
Anyway, which policy decides how many OTPs are generated? Any hints?^^
I do not know. I would also have to check the manual.
I think it is an enrollment policy.
Ah yes, it is an enrollment policy. Thanks.
https://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#papertoken-count
1 Like