phase
commented
6 years ago We can implement this in two ways:
- Don't allow the user to join the organization if it requires 2FA and they don't have 2FA.
- Let them join but don't allow them to do anything.
The second option would be harder to implement, and not checking every error could lead to a security issue, so I think the first option is the route we should go.
I'm scheduling this for v2.1 as I believe it won't be needed until then. Shout any objections.
Aaron1011
GitHub has a feature where organizations can require that all members have 2fa enabled for their respective accounts. It would be nice if Ore provided a similar feature for interested organizations.