Open evilaliv3 opened 2 years ago
@cyberflaneuse @giorgiofraschini @elbill @larrykind @maxmois @aetdr @schris-dk: I consider that this could be interesting to you all. Please feel free to provide your feedback if any.
I think this is extremely useful. It is important to balance this implementation with the average user of globaleaks, which is often not skilled enough. THis feature will inevitably increase the requests for assistence by users who had the software previously set up by IT colleagues. It is important to highlight this process (one-month and the 2factor becomes "binding"), as the users could be not prepared after that month. In general I think 1-month is a good time.
I think this is a good idea but should be optional.
Agree - should be optional setting decided by admin
Thank you all for your feedback! Later on i will try to think to some mockups for the possible feature and load it here.
We are enforcing it anyway, but I agree with others - it should be optional.
This ticket is to keep track of a set of changes possible changes and discussion in relation to 2FA and some improvements aimed at support adoption of 2FA in every whistleblowing project based on GlobaLeaks.
Currently 2FA has been implemented gradually and the system leave it optional to administrators to require it or leave it optional; Unfortunately the fact that the default of the application does not mandatory require 2FA causes that most of the project are running without this feature enabled.
With this ticket I would like to propose some possible improvements:
This could significantly raise the adoption of two factor authentication while offering the possibility to new users to test the system in simplicity during the the first month of their use.
This is just currently just and idea to stimulated the discussion; alternatives could be to simply require two factor authentication.