launchpad-users team mailing list archive

[Heather Ellsworth <heather@xxxxxxxxxxxxxxx>]

Hello Launchpad Team,

I'm a member of the Ubuntu Community Council, and also an ex-Canonical 
employee, reaching out to start a discussion about how Launchpad 
accounts are handled when a person leaves the employ of Canonical.

When a person works for Canonical, 2FA is *required* for their Launchpad 
account (which makes sense), and not required for non-Canonical 
employees. However, when they stop working for Canonical they can lose 
access to their 2FA credentials and get locked out of their account, 
with no easy way to reset the 2FA tied to their Ubuntu SSO account.

I hit this issue when I moved onto another company and so have many 
others. Since we on the Ubuntu Community Council were discussing this 
issue, we wanted to open it up here and see what options might resolve 
this common problem.

In the offboarding process, could Canonical reset the 2FA tied to the 
user's Ubuntu SSO account as well as requiring them to add a secondary 
email address? (My guess is that most folks will already have a second 
email added, but resetting the 2FA of an account is moot if it's only 
tied to the user's Canonical email so both points would need to be 
required.)

Or perhaps there is another solution you might have in mind that would 
save users from getting locked out of their account when they move onto 
their next professional stage after Canonical.

Thanks so much for your time,

Heather