Lack of interest Require Two-Step verification to change Two-step verification options

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
K

Kirby

Well-known member
If a TFA trusted device is compromised and the attacker has access to the password he can change (or completely disable) Two-step verification for the account.

To mitigate this, it would IMHO be useful to require the password and Two-step verification for the session before Two-step verification options can be changed.
 
Upvote 5
This suggestion has been closed. Votes are no longer accepted.
I would think this would be a basic requirement when the user is wanting additional security steps. Simple reliance on the password is NOT enough if one has gone to the extent to enable additional security features.
Personally.. I REALLY wish XF would enable passkey ability natively also.
 

Similar threads

H
  • Solved
XF 2.3 I Can't Cancel Two-Step Verification
2
Replies
22
Views
125
htsumer
H
Q
  • Question Question
XF 2.3 two-step verification
Replies
1
Views
37
Old Nick
O
craigForo
  • Solved
XF 2.3 Two-step verification required
Replies
2
Views
66
craigForo
craigForo
alexm
  • Question Question
XF 2.2 How do I find the number of users with Two-step verification enabled?
Replies
5
Views
52
alexm
alexm
Jkay
  • Question Question
XF 2.2 Users Batch update, Require two-step verification
Replies
4
Views
91
Jkay
Jkay
Back
Top Bottom