Lack of interest Require Two-Step verification to change Two-step verification options

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
K

Kirby

Well-known member
If a TFA trusted device is compromised and the attacker has access to the password he can change (or completely disable) Two-step verification for the account.

To mitigate this, it would IMHO be useful to require the password and Two-step verification for the session before Two-step verification options can be changed.
 
Upvote 5
This suggestion has been closed. Votes are no longer accepted.
I would think this would be a basic requirement when the user is wanting additional security steps. Simple reliance on the password is NOT enough if one has gone to the extent to enable additional security features.
Personally.. I REALLY wish XF would enable passkey ability natively also.
 

Similar threads

Jkay
  • Question Question
XF 2.2 Users Batch update, Require two-step verification
Replies
4
Views
81
Jkay
Jkay
Wanji
  • Solved
XF 2.2 You must enable two-step verification to access the control panel
Replies
10
Views
245
Wanji
Wanji
C
  • Question Question
XF 2.2 disable the protection layer of two-step verification
Replies
1
Views
342
duderuud
duderuud
XDinc
[XTR] Manage Two-step Verification Providers
Replies
1
Views
592
alfaNova
alfaNova
T
  • Question Question
XF 1.5 Two-Step Verification, admin login email confirmation.
Replies
4
Views
616
The West wind
T
Top Bottom