Closed martiangirlie closed 3 years ago
For the MIM (Man in the Middle) devices, our best bet is going to be forcing HTTPS: https://docs.mongodb.com/manual/tutorial/configure-ssl/
As for the 2 factor, I have found this: https://medium.com/mongoaudit/how-to-enable-authentication-on-mongodb-b9e8a924efac
The two factor article you linked is more specific to Mongo permissions. That's still good info that I'm gonna use, but I was more so referring to the email vs. password validation for 2FA. I.e., each of those can be implemented in Ionic/Angular & Express w/ Mongo.
More like what you were showing before with the Twilio stuff.
We should be proactive against these types of devices.
Further investigation will be required as to what implementation routes we'll want to take to prevent these attacks.
Side note in terms of security: don't let people save the password.
How will we do Two Factor Auth?