Ever thought about enhancing the security of your portal? Whatever you called it.
Nowadays, platform like the Facebook/Twitter/Gmail/Outlook has implemented a 2FA (Two-factor authentication) when verified then you will successfully logged in to the site.
I believe most people who is using Ruko has some form of important information/data stored in it.
Beside the SSL, which is a pay service. And, Google reCAPTCHA which is meant for “I’m not a robot”.
The world is facing security threats and data leaks.
Hope there is a feature and option to allow users to log in and a 2FA verification. Enhance the security and safeguard your data.
Individual user will have to Setup generated unique QR code in their account. User can use Microsoft Authenticator App (free) to get the OTP. Then, input the number given for every login and access to the page.
What do you think?
Enhancing Security Login
-
- Posts: 70
- Joined: 14 Apr 2017, 10:50
- Name: Bernard Lee
- Location: Singapore
-
- Sponsor
- Posts: 320
- Joined: 12 May 2015, 08:33
- Name: Fahmi Salim
- Location: Indonesia BSD City
- Company Name: AIMan
- Contact:
Re: Enhancing Security Login
I'm agree, and I will vote for google authenticator
- support
- Site Admin
- Posts: 6221
- Joined: 19 Oct 2014, 18:22
- Name: Sergey Kharchishin
- Location: Russia, Evpatoriya
Re: Enhancing Security Login
Added in plan
-
- Sponsor
- Posts: 158
- Joined: 11 Jan 2018, 11:18
- Name: Joni Mueller
- Location: Houston, Texas USA
- Company Name: Pixelita Designs
- Contact:
Re: Enhancing Security Login
The bigger threat, IMHO, comes from being hacked from within one's own hosting environment, which is especially prone to happen on shared hosting. So get into the habit, if you aren't already doing this, of backing up your database regularly. Ruko makes this a very easy thing to do so you have no excuse.
-
- Investor
- Posts: 417
- Joined: 19 Dec 2018, 02:33
- Name: Robert McDonald
- Location: Auckland, New Zealand
- Company Name: Unicloud
- Contact:
Re: Enhancing Security Login
In addition to this could the following be added into plan:
Password expiry time (set in configuration - possibly by usergroup and default for application)
An option to not allow users to reuse a previous password
Can you confirm how passwords are currently encrypted in the system ?
Ability to make user inactive if renewal date is not updated (date field but can have a rule to make user inactive)
Password expiry time (set in configuration - possibly by usergroup and default for application)
An option to not allow users to reuse a previous password
Can you confirm how passwords are currently encrypted in the system ?
Ability to make user inactive if renewal date is not updated (date field but can have a rule to make user inactive)
-
- Sponsor
- Posts: 320
- Joined: 12 May 2015, 08:33
- Name: Fahmi Salim
- Location: Indonesia BSD City
- Company Name: AIMan
- Contact: