- **status**: open --> review - **Comment**: Branch db/8279
--- ** [tickets:#8279] Additional login security checks** **Status:** review **Milestone:** unreleased **Created:** Thu Apr 25, 2019 03:35 PM UTC by Dave Brondsema **Last Updated:** Thu Apr 25, 2019 03:35 PM UTC **Owner:** Dave Brondsema Using previous login details from [#8278], if someone logs in from a new location and has a potentially compromised password (per the HIBP check), it could be good to block the login and force a password reset via email. If 2FA is successful though, probably let that through. Make optional, configurable, and customizable with auth providers. --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
