Place Your Ad Here

Ques/Help How to require two-step authentication on every access of ACP?

F

Fullmental

Guest
We are looking into way to lock down access to the ACP. Currently, if a staff member has two-factor authentication enabled (it is required for ACP access), they can bypass the 2FA by "trusting" the device for 30 days. This potentially leads to a scenario where someone could gain access to a password and authentication browser token, or just physical access to the device where the staff member is logged in, and simply enter the username and password to be able to make changes without the 2FA...

Read more

Continue reading...
 
You must log in or register to reply here.

Similar threads

J
Ques/Help Users Batch update, Require two-step verification
Replies
0
Views
20
XenForo General Discussions
Jkay
J
B
Bug Push notifications require new user permission every time browser cookies are cleared
Replies
0
Views
396
XenForo General Discussions
bzcomputers
B
K
Ques/Help Require users to tag their posts
Replies
0
Views
448
XenForo General Discussions
karnaf
K
W
XenForo You must enable two-step verification to access the control panel
Replies
0
Views
15
XenForo Development & Modifications
Wanji
W
C
Ques/Help disable the protection layer of two-step verification
Replies
0
Views
287
XenForo General Discussions
canina
C
Top Bottom
Back