Description
Feature and motivation
The article should mention, that it might be possible to ask developers, for creation of a "non-expiry special 2fa token" created for test team, so that the journey is still testable without disabling 2FA. That way you might turn someones attention that such possibility exists, rather than closing their attention on the fact that disabling is the only option
current: the only options mentioned for 2FA are to disable the 2FA
expected: The article should mention, that it might be possible to ask for a "non-expiry special 2fa token" created for test team, so that the journey is still testable without disabling 2FA. That way you might turn someones attention that such possibility exists, rather than closing their attention on the fact that disabling is the only option
Two Factor Authentication
Two Factor Authentication (2FA) is an authorization mechanism where a One Time Password (OTP) is generated using “Authenticator” mobile apps such as “Google Authenticator”, “Microsoft Authenticator” etc., or by SMS, e-mail to authenticate. Automating this seamlessly and consistently is a big challenge in Selenium. There are some ways to automate this process. But that will be another layer on top of our Selenium tests and not as secure. So, you should avoid automating 2FA.
There are few options to get around 2FA checks:
Ask your team to create a "special token" that will work in test environment, so that the functionality is still tested, just no need to use mobile device
Disable 2FA for certain Users in the test environment, so that you can use those user credentials in the automation.
Disable 2FA in your test environment.
Disable 2FA if you login from certain IPs. That way we can configure our test machine IPs to avoid this.