On 09/05/2013 01:01 PM, Ian Weller wrote:
On Thu, Sep 05, 2013 at 04:50:04PM +0200, Pierre-Yves Chibon wrote:
> 3) Ask for password, validate, then ask for 2 fa is set up
+1, my first instinct was this method as well, and yes it is something
that a lot of other sites with 2fa seem to be doing (two other examples
to add to your list are digitalocean and amazon aws).
The extra security seems worth it.
-Ricky