Enhancing Security Login

[bernard.lee]

Ever thought about enhancing the security of your portal? Whatever you called it.

Nowadays, platform like the Facebook/Twitter/Gmail/Outlook has implemented a 2FA (Two-factor authentication) when verified then you will successfully logged in to the site.

I believe most people who is using Ruko has some form of important information/data stored in it.

Beside the SSL, which is a pay service. And, Google reCAPTCHA which is meant for “I’m not a robot”.

The world is facing security threats and data leaks.

Hope there is a feature and option to allow users to log in and a 2FA verification. Enhance the security and safeguard your data.

Individual user will have to Setup generated unique QR code in their account. User can use Microsoft Authenticator App (free) to get the OTP. Then, input the number given for every login and access to the page.

What do you think?

[fahmisalim]

I'm agree, and I will vote for google authenticator

[support]

Added in plan

[pixelita]

The bigger threat, IMHO, comes from being hacked from within one's own hosting environment, which is especially prone to happen on shared hosting. So get into the habit, if you aren't already doing this, of backing up your database regularly. Ruko makes this a very easy thing to do so you have no excuse.

[rmcdonald]

In addition to this could the following be added into plan:

Password expiry time (set in configuration - possibly by usergroup and default for application)

An option to not allow users to reuse a previous password

Can you confirm how passwords are currently encrypted in the system ?

Ability to make user inactive if renewal date is not updated (date field but can have a rule to make user inactive)

[fahmisalim]

Hope next update will be included…its quite urgent

Added in plan