uzerpllp / uzerp

uzERP - Open Source Business Management
http://www.uzerp.com

Add local 2FA/MFA option to uzERP #232

Open steveblamey opened 3 years ago

steveblamey commented 3 years ago

It would be desirable to add 2FA/MFA to uzERP. Possibly use TOTP from https://github.com/Spomky-Labs/otphp. There is also a WebAuthn library https://webauthn-doc.spomky-labs.com/, to support hardware tokens and fingerprint devices, etc.

steveblamey commented 3 years ago

We should also review password and account lockout policies, etc. with reference to https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf. Particularly note section 5 in conjunction with Appendix A.

steveblamey commented 2 years ago

https://github.com/uzerpllp/uzerp/commit/685893522ec0036a1dccc8ae29a7c756556cdc85 merges support for Twilio Verify.

Now the infrastructure is there, we should be able to add a local TOTP option with https://github.com/Spomky-Labs/otphp.
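
What a local TOTP check involves, as an added example that is not part of this issue thread and is neither uzERP nor otphp code: plain-PHP RFC 6238 verification with a drift window and replay rejection. The function names `hotp` and `verifyTotp` and the stored `$lastStep` value are hypothetical, and the key is assumed to be the raw (already base32-decoded) secret.

```php
<?php
declare(strict_types=1);

// RFC 4226 HOTP for one counter value. $key is the raw shared secret
// (already base32-decoded); SHA-1 and 6 digits are the common defaults.
function hotp(string $key, int $counter, int $digits = 6): string
{
    $mac = hash_hmac('sha1', pack('J', $counter), $key, true);
    $offset = ord($mac[19]) & 0x0F;                        // dynamic truncation
    $value = unpack('N', substr($mac, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// RFC 6238 check. Returns the accepted time step, or null if the code is rejected.
// $lastStep is the last step already accepted for this user (hypothetical
// per-user value the application stores); a step at or below it is refused,
// so a code observed once cannot be replayed while its window is still open.
function verifyTotp(string $key, string $code, int $now, ?int $lastStep,
                    int $window = 1, int $period = 30): ?int
{
    if (preg_match('/^\d{6}\z/', $code) !== 1) {
        return null;
    }
    $current = intdiv($now, $period);
    $accepted = null;
    for ($step = max(0, $current - $window); $step <= $current + $window; $step++) {
        // hash_equals() compares in constant time
        if (hash_equals(hotp($key, $step), $code)
            && ($lastStep === null || $step > $lastStep)) {
            $accepted = $step;
        }
    }
    return $accepted;
}

// Constructed demo using the SHA-1 test key from RFC 6238 Appendix B.
$key = '12345678901234567890';
$now = 59;
$code = hotp($key, intdiv($now, 30));
$step = verifyTotp($key, $code, $now, null);        // first presentation
var_dump($code, $step);
var_dump(verifyTotp($key, $code, $now + 5, $step)); // same code presented again
var_dump(verifyTotp($key, '12345', $now, null));    // malformed input
```

The caller persists the returned step per user after a successful login, and a null result should count toward whatever failed-attempt throttling the login flow applies.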