You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2019/05/14 22:20:14 UTC

[allura:tickets] #8279 Additional login security checks

- **status**: open --> review
- **Comment**:

Branch db/8279



---

** [tickets:#8279] Additional login security checks**

**Status:** review
**Milestone:** unreleased
**Created:** Thu Apr 25, 2019 03:35 PM UTC by Dave Brondsema
**Last Updated:** Thu Apr 25, 2019 03:35 PM UTC
**Owner:** Dave Brondsema


Using previous login details from [#8278], if someone logs in from a new location and has a potentially compromised password (per the HIBP check), it could be good to block the login and force a password reset via email.  If 2FA is successful though, probably let that through.  Make optional, configurable, and customizable with auth providers.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.