Investigate security measures of skimming attacks by police

[martiangirlie]

• We should be proactive against these types of devices

• Further investigation will be required as to what implementation routes we'll want to take to prevent these attacks.

• Side note in terms of security: don't let people save the password.

• How will we do Two Factor Auth?

[Hermesthe]

for the MIM (Man in the Middle) devices our best bet is going to be forcing HTTPS. : https://docs.mongodb.com/manual/tutorial/configure-ssl/

as for the 2 factor I have found this : https://medium.com/mongoaudit/how-to-enable-authentication-on-mongodb-b9e8a924efac

[Hermesthe]

Https: https://www.hostinger.com/tutorials/ssl/forcing-https

[martiangirlie]

The two factor article you linked is more specific to mongo permissions. That's still good info that I'm gonna use, but I was more so referring to the email vs. password validation for 2FA. I.e each of those can be implemented in Ionic/Angular & Express w/ Mongo.

More like what you were showing before with the Twilio stuff.

[martiangirlie]