To improve security, e.g. against brute-force attacks, we could require 2FA when a user wants to log in via password authentication.
The assignment provides us with email addresses, which we could use in our network to implement a scheme like the one used by GitHub.
One thing to consider is how to handle a case where a user has lost their certificates. In that case, the user is not able to read encrypted emails, but they cannot log in to our service as they have neither password nor certificate.