KarimovFarda / nest-starter-kit

Nest.js Starter Kit

Encrypting 2FA Secret #1

Open drewrawitz opened 4 months ago

drewrawitz commented 4 months ago

Great job on the starter kit! I think this has a lot of potential. I noticed a security concern that I wanted to bring to your attention. The 2FA secret is currently being stored in plain text, which is a significant security risk. To address this, I recommend storing it encrypted using a secure encryption algorithm like AES. The built-in crypto library can be used to handle encryption and decryption. Encrypting the MFA secret will help protect users' accounts and prevent unauthorized access.

KarimovFarda commented 4 months ago

Thanks for the heads-up! Encrypting the 2FA secret with AES sounds like a smart move to beef up security. I'll implement that using the built-in crypto library. If you have any other security tips or suggestions, feel free to share!

drewrawitz commented 4 months ago

> Thanks for the heads-up! Encrypting the 2FA secret with AES sounds like a smart move to beef up security. I'll implement that using the built-in crypto library. If you have any other security tips or suggestions, feel free to share!

No problem! And if you need a hand with anything, just let me know. I’m happy to help!