Closed norgeindian closed 1 year ago
I've had this request in, and I don't agree with it as it can open up potential security holes on prod.
This module is only intended to disable 2FA during development -- not prod! But, if you wanted to do this, feel free to pull, fork & modify. I just don't want to bring it into this project as I don't think it would pass a security audit for 99% of sites.
@markshust , thanks for your feedback. Totally fine, and I understand your opinion here. That's why I wanted to ask first, before I start something.
@markshust , what do you think about the idea of extending the module, so that it's possible to define for specific users / user groups, if 2FA should be enabled or not? Would you accept a pull request in this direction, or is that something you would not like in the module?