🌟 Additional login security (2FA/passkey/webauthn)

[gitmotion]

Is your feature request related to a problem? Please describe.

• changing admin email sends the confirmation email to new email instead of current email. effectively not notifying the original email of this change
• additional security features like 2FA/etc might be good as attendee details / etc are all sensitive

Describe the solution you'd like

• Should send the confirmation to the email that is currently saved to the database instead

Describe alternatives you've considered

• Login 2FA?
• I could see adding auth on the reverse proxy level could help but that would be sitewide

Additional context Won't go as far as saying this is a bug or vulnerability as Stripe details can only be accessed through deployment. However without additional security like 2FA, someone could try to bruteforce passwords or try a leaked password and change the email without the user even knowing. Additional security could help here :)

[daveearley]

Thanks for reporting this @gitmotion! I'll fix the email issue ASAP. As for 2FA, that's definitely on the long term roadmap.

[daveearley]

@gitmotion This has now been fixed. I'll leave the ticket open as a 2FA feature request. Thanks again

[gitmotion]

@daveearley awesome. just pulled the latest image and saw that it was working flawlessly 👏🏼