2FA via TOTP / RFC 6238 is available to all accounts and is enforced for all administrative accounts


Status: APPROVED
Changes: 3
Source: link
Author: NeurohrByteS (20647)


Time-based one-time passwords (TOTP) are available for all users, as can be seen on the login screen. The enforcement is documented under "Usage" in the privacy policy: `Our employees can access your data via access controlled, two-factor authenticated, portal interfaces.` Internal information (since I'm the developer): Administrative accounts are required to enable 2FA before they are allowed to access other users' data (invoices, support desk tickets, etc.).


Comments:
On 2023-06-30 18:29:04 UTC, Agnes_de_Lion (20760) Staff wrote:

APPROVED
No comment given



We track editorial changes to analyses and updates to a point's status and display the previous versions here as part of an effort to promote transparency regarding our curation process.

Version 1: 2023-06-30 18:29:04 UTC by Agnes_de_Lion (20760)

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: No changes recorded

Updated Analysis: No changes recorded

Previous Status: PENDING

Updated Status: APPROVED

Version 2: 2023-06-21 18:23:16 UTC by NeurohrByteS (20647)

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: Time-based one-time passwords (TOTP) are available for all users, as can be seen on the login screen. Internal information (since I'm the developer): Administrative accounts are required to enable 2FA before they are allowed to access other users' data (invoices, support desk tickets, etc.).

Updated Analysis: Time-based one-time passwords (TOTP) are available for all users, as can be seen on the login screen. The enforcement is documented under "Usage" in the privacy policy: `Our employees can access your data via access controlled, two-factor authenticated, portal interfaces.` Internal information (since I'm the developer): Administrative accounts are required to enable 2FA before they are allowed to access other users' data (invoices, support desk tickets, etc.).

Previous Status: No changes recorded

Updated Status: No changes recorded

Version 3: 2023-06-21 18:15:29 UTC by NeurohrByteS (20647)

Previous Title:

Updated Title: 2FA via TOTP / RFC 6238 is available to all accounts and is enforced for all administrative accounts

Previous Analysis:

Updated Analysis: Time-based one-time passwords (TOTP) are available for all users, as can be seen on the login screen. Internal information (since I'm the developer): Administrative accounts are required to enable 2FA before they are allowed to access other users' data (invoices, support desk tickets, etc.).

Previous Status:

Updated Status: PENDING