---
** [tickets:#8279] Additional login security checks**
**Status:** open
**Milestone:** unreleased
**Created:** Thu Apr 25, 2019 03:35 PM UTC by Dave Brondsema
**Last Updated:** Thu Apr 25, 2019 03:35 PM UTC
**Owner:** Dave Brondsema
Using previous login details from [#8278], if someone logs in from a new
location and has a potentially compromised password (per the HIBP check), it
could be good to block the login and force a password reset via email. If 2FA
is successful though, probably let that through. Make optional, configurable,
and customizable with auth providers.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed
to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is
a mailing list, you can unsubscribe from the mailing list.
