#8279 Additional login security checks

v1.11.0
closed
None
General
nobody
2019-06-17
2019-04-25
No

Using previous login details from [#8278], if someone logs in from a new location and has a potentially compromised password (per the HIBP check), it could be good to block the login and force a password reset via email. If 2FA is successful though, probably let that through. Make optional, configurable, and customizable with auth providers.

Related

Tickets: #8278
Tickets: #8287

Discussion

  • Dave Brondsema

    Dave Brondsema - 2019-05-14
    • status: open --> review
     
  • Dave Brondsema

    Dave Brondsema - 2019-05-14

    Branch db/8279

     
  • Kenton Taylor

    Kenton Taylor - 2019-05-17
    • status: review --> closed
     
  • Dave Brondsema

    Dave Brondsema - 2019-06-17
    • Milestone: unreleased --> v1.11.0
     

Log in to post a comment.