Goal of this workflow
Mark users that should change the authentication method from another 2nd factor to mTAN/SMS and let them migrate at the next login (or by a specific point in time).
Mark users that should change the authentication method from another 2nd factor to mTAN/SMS and let them migrate at the next login (or by a specific point in time).
Security Advisory
The migration process assumes that it is OK to register the mobile phone number used for later authentication on a session authenticated by the existing credentials. In other words, the authenticity of the mobile phone number cannot be stronger than the existing authentication scheme before the migration.
Therefore, never use this workflow if the authentication scheme is weak.