sheltermanager / asm3

Animal Shelter Manager
GNU General Public License v3.0

Enforce stronger passwords and 2FA #1538

Closed bobintetley closed 1 month ago

bobintetley commented 2 months ago

Quite a few people have asked about forcing their users to use 2FA and/or stronger passwords.

Enforcing 2FA means redirecting them to the change user settings page on login, and then preventing them visiting anywhere else.

Enforcing stronger passwords needs to be done on the change password screen, since the sysadmin is going to create the first one for them.

The option to enforce both needs to be set with new tickboxes that will appear at the top of the Settings->System user accounts screen (but they are setting options in the configuration table of course).

bobintetley commented 2 months ago

On second thoughts, the options would look weird on the users screen; perhaps a security tab on settings->options.

bobintetley commented 1 month ago

One simpler way to implement the enforcement of 2FA: add a new boolean session flag "force2fa". It's set to true if the config option to enforce 2FA is on and the user logged in without it (this is done in users.web_login). The ASMEndpoint.check function can find that session flag being set and redirect the user to the change_user_settings screen, passing a parameter to show a message on that screen that 2FA must be enabled. When 2FA is finally enabled on that screen, it sets session.force2fa to false.

bobintetley commented 1 month ago

The Force2FA checkbox needs adding to the options screen now to enable it, and password checking needs to be done from the change_password and reset_password screens.
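The two mechanisms discussed in this thread, the `force2fa` session flag checked on every request and the password-strength gate on the change/reset password screens, modelled as a small added example. This is illustrative code written for this page, not asm3's own implementation; `Session`, `web_login`, `check_endpoint`, `enable_2fa`, `password_is_strong` and the strength rules are assumed names and policy, and the exempt page list is constructed.

```python
"""Added example (not asm3 code): force2fa session flag plus a
password-strength check, following the design in the issue thread."""
from dataclasses import dataclass
import re

CHANGE_SETTINGS = "change_user_settings"
# Constructed: the only pages a user may reach while 2FA is being forced.
EXEMPT_PAGES = {CHANGE_SETTINGS, "logout"}


@dataclass
class Session:
    user: str = ""
    force2fa: bool = False


def web_login(session, user, has_2fa, config_force2fa):
    """Stand-in for users.web_login: raise the flag when enforcement is
    switched on and this account has no 2FA configured yet."""
    session.user = user
    session.force2fa = bool(config_force2fa) and not has_2fa
    return session


def check_endpoint(session, path):
    """Stand-in for ASMEndpoint.check: return the path to serve. While the
    flag is set, everything except the settings page redirects there with
    a parameter so the page can show the 'you must enable 2FA' message."""
    if session.force2fa and path not in EXEMPT_PAGES:
        return f"{CHANGE_SETTINGS}?force2fa=1"
    return path


def enable_2fa(session):
    """Called once the user completes 2FA setup on the settings screen."""
    session.force2fa = False


def password_is_strong(password, minlen=12):
    """Assumed policy for change_password/reset_password: minimum length
    plus upper, lower, digit and symbol classes. Returns True if it passes."""
    rules = [
        len(password) >= minlen,
        re.search(r"[A-Z]", password),
        re.search(r"[a-z]", password),
        re.search(r"\d", password),
        re.search(r"[^A-Za-z0-9]", password),
    ]
    return all(bool(r) for r in rules)
```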