Skip to content

Improvement: Expose authentication management options (password, 2FA, passkeys) in account settings #5876

Description

Summary

Users currently have no in-app way to manage authentication settings such as password changes, two-factor authentication (2FA), or passkeys. These options are not surfaced in the account settings UI at /account.

Current Behavior

  • No password change option in account settings
  • No 2FA enrollment or management
  • No passkey registration
  • Users must rely on the "Forgot password" flow on the login screen for password resets

Expected Behavior

Account settings should provide a dedicated Security section where users can:

  • Change their password (for password-based accounts)
  • Enroll in and manage two-factor authentication (TOTP, SMS, or hardware key)
  • Register and manage passkeys (WebAuthn / FIDO2)
  • View and revoke active sessions

Notes

  • AuthKit (WorkOS) supports passkeys and 2FA — this may primarily be a UI/surface issue rather than a backend capability gap
  • SSO users (Google, GitHub, etc.) would reasonably see a reduced set of options scoped to what's manageable on the AAO side
  • Priority: low / nice-to-have

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    admin-toolInternal tools for AAO staffclaude-triagedIssue has been triaged by the Claude Code triage routine. Remove to re-triage.enhancementNew feature or requestneeds-wg-reviewBlocked on a working-group decision — surface in WG meeting agendaswebsiteAny issues related to the website

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions