Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-79199

As an administrator, I want to be able to offer multi-factor authentication to users


    • Type: Feature Request
    • Status: Selected for Development
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Application Security
    • Labels:
    • Priority Level:



      The FTC recently fined a company who was the victim of a credential stuffing attack. Although the company was a victim, the company is still liable because credential stuffing has become a foreseeable problem and the company did not do enough to prevent this problem.

      As summarized in the article:

      Nonetheless, if it wasn't clear before, it is after TaxSlayer: Companies that fail to consider the risks of credential stuffing, and to implement mitigating controls, do so at their peril. Companies that fail to use multi-factor authentication to protect sensitive data do so at their particular peril. The precise legal hook relied upon by privacy enforcers will always vary from case to case, but the enforcement community's commitment to these principles is here to stay.

      Credential stuffing is currently a huge issue and with rulings like this from the FTC, more and more organizations will need multi-factor authentication.

      Feature Request

      Liferay Portal should offer some sort of multi-factor authentication out of the box. The easiest options to offer are probably Email and TOTP (e.g., Google Authenticator)


          Issue Links



              • Assignee:
                support-lep@liferay.com SE Support
                samuel.kong Samuel Kong
              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created:


                  Version Package