Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-79199

As an administrator, I want to be able to offer multi-factor authentication to users

    Details

    • Type: Feature Request
    • Status: Selected for Development
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Application Security
    • Labels:

      Description

      Background

      The FTC recently fined a company who was the victim of a credential stuffing attack. Although the company was a victim, the company is still liable because credential stuffing has become a foreseeable problem and the company did not do enough to prevent this problem.

      As summarized in the article:

      Nonetheless, if it wasn't clear before, it is after TaxSlayer: Companies that fail to consider the risks of credential stuffing, and to implement mitigating controls, do so at their peril. Companies that fail to use multi-factor authentication to protect sensitive data do so at their particular peril. The precise legal hook relied upon by privacy enforcers will always vary from case to case, but the enforcement community's commitment to these principles is here to stay.

      Credential stuffing is currently a huge issue and with rulings like this from the FTC, more and more organizations will need multi-factor authentication.

      Feature Request

      Liferay Portal should offer some sort of multi-factor authentication out of the box. The easiest options to offer are probably Email and TOTP (e.g., Google Authenticator)

        Attachments

          Activity

            People

            • Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              samuel.kong Samuel Kong
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:

                Packages

                Version Package