F
Fullmental
Guest
We are looking into way to lock down access to the ACP. Currently, if a staff member has two-factor authentication enabled (it is required for ACP access), they can bypass the 2FA by "trusting" the device for 30 days. This potentially leads to a scenario where someone could gain access to a password and authentication browser token, or just physical access to the device where the staff member is logged in, and simply enter the username and password to be able to make changes without the 2FA...
Read more
Continue reading...
Read more
Continue reading...