Please allow 2FA for Plesk login to send auth code to user's registered email address as an option (not just to phone).
Please allow 2FA for Plesk login to send authentication code to the user's registered email address as an option (not only to a phone).
Webserver panel login is usually undertaken in an office environment. Work mobile phones are not always on hand at our workplace, because they are needed for staff who are out-of-office.
Diane
shared this idea
Thank you for your suggestion. However, implementing such an feature will eliminate the whole purpose of MFA. The point is to secure access even in the event of potentially compromised password and email account. Sending the codes directly to the email account of the user would be a security vulnerability.
If a particular user lost access to their MFA device, what you can do is deactivate MFA only for that particular user by:
* Logging into Plesk panel as the admin user
* Navigating to Extensions > Multi-Factor Authentication (MFA) > Accounts tab
* Clicking on the Minus icon next to the corresponding user.
I hope that helps.
-- SH