vincent15000

Authentication with Fortify and 2FA without the user's consent?

Hello,

Hmmm... I've been using Fortify for a long time now.

I'd like to increase security with:

  • either 2FA

  • or a code sent by email

I have already coded both, but I don't have much perspective on the security of either. Is one more secure than the other?

I think that 2FA is more secure because it doesn't involve email, which is often hacked.

So with 2FA, when I have a look at the Fortify documentation, I see that the user has to enable 2FA himself/herself for his/her account. But is it possible to force enabling 2FA without the user's consent? Or is it mandatory that the user does it himself/herself?

Thanks for your help.

V

0 likes
4 replies
martinbean

@vincent15000 How are you going to “force” enable 2FA for a user without their consent? You can’t make them scan a QR code, set up rotating 2FA codes on their device, and also forcibly download 2FA backup codes to a user’s device without their consent.

1 like
