-
LMS
-
Resolution: Done
-
Medium
-
None
-
M
-
S
-
Later
-
Medium
-
7.8
We should look into including 2FA/MFA in core, whether that be via a new core implementation or an existing tool.
Things to consider:
- work with a variety of existing authentication methods
- support a variety of 2FA methods, including some/all of:
- TOTP - Token-based from an App
- FIDO/U2F - Physical USB/NFC device
- Push - Push to Moodle App
- Security question - fairly insecure
- SMS (Fairly insecure)
- Email (Insecure)
As an alternative and/or complementary method, we should also look at passwordless authentication.