Require 2FA Entry for root before Disabling or Removing 2FA for root (Two Factor Authentication)

Tanner W. shared this idea 8 years ago
Open Discussion

To follow industry best practices, it is common to require additional authentication before allowing password-related changes (similar to enabling or disabling 2FA). I would suggest that for the root account, even from an active session by the root account in WHM, before removing 2FA is allowed, the root account must enter the current 2FA code (similar to how a Google Account requires the user to enter the active 2FA code as they set up and enable 2FA the first time around, to confirm they've set it up right before permanently requiring the user to enter 2FA from then on).
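
A sketch of the check requested above, added here as an illustration and not cPanel or WHM code: an already authenticated session may disable 2FA only after presenting a current RFC 6238 TOTP code. The names `Account` and `disable_2fa` and the policy constants are assumptions made for the example.

```python
import hashlib, hmac, struct, time

STEP, DIGITS, WINDOW, MAX_FAILURES = 30, 6, 1, 5  # assumed policy values

def totp(secret: bytes, counter: int) -> str:
    """RFC 6238 code (HMAC-SHA1, dynamic truncation) for one time step."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Account:  # hypothetical account record, not a WHM data structure
    def __init__(self, secret: bytes):
        self.secret = secret
        self.tfa_enabled = True
        self.last_counter = -1   # last accepted time step, blocks code replay
        self.failures = 0        # consecutive bad codes on this action

def disable_2fa(acct, session_authenticated, code, now=None):
    """Turn 2FA off only when a logged-in session also presents a fresh code."""
    now = time.time() if now is None else now
    if not (session_authenticated and acct.tfa_enabled):
        return False
    if acct.failures >= MAX_FAILURES:      # stop code guessing from a live session
        return False
    current = int(now // STEP)
    for counter in range(current - WINDOW, current + WINDOW + 1):
        if counter <= acct.last_counter:   # already used (or negative): skip
            continue
        expected = totp(acct.secret, counter)
        if hmac.compare_digest(expected.encode(), str(code).encode()):
            acct.last_counter, acct.failures = counter, 0
            acct.secret, acct.tfa_enabled = None, False
            return True
    acct.failures += 1
    return False

if __name__ == "__main__":
    acct = Account(b"12345678901234567890")  # RFC 6238 test secret, not a real key
    print(disable_2fa(acct, True, "000000", now=59))            # wrong code
    print(disable_2fa(acct, True, totp(acct.secret, 1), now=59))  # current code
```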
