Disable 2FA only for specific users / user groups

markshust / magento2-module-disabletwofactorauth

The DisableTwoFactorAuth module provides the ability to disable two-factor authentication.

MIT License

194 stars 39 forks source link

Disable 2FA only for specific users / user groups #21

Closed norgeindian closed 1 year ago

norgeindian commented 1 year ago

@markshust , what do you think about the idea of extending the module, so that it's possible to define for specific users / user groups, if 2FA should be enabled or not? Would you accept a pull request in this direction, or is that something you would not like in the module?

markshust commented 1 year ago

I've had this request in, and I don't agree with it as it can open up potential security holes on prod.

This module is only intended to disable 2FA during development -- not prod! But, if you wanted to do this, feel free to pull, fork & modify. I just don't want to bring it into this project as I don't think it would pass a security audit for 99% of sites.

norgeindian commented 1 year ago

@markshust , thanks for your feedback. Totally fine, and I understand your opinion here. That's why I wanted to ask first, before I start something.