wants to merge 1 commit
Adds 2FA status warning on user permissions page
I think this is a nice improvement. We might need to make the text a bit more subtle, for projects that have many members without multifactor enabled.
A security concern, though, is that anyone can add anyone else to their project. And then they'd be able to see if the other person has multifactor authe enabled. I don't think we want people to do that. A good solution (although not easy) would be to create an invitation system so that people must accept joining a project. That would be a nice improvement anyway.
So I think we should hold this merge request until we have that done.
Log in to post a comment.