twofactorauth icon indicating copy to clipboard operation
twofactorauth copied to clipboard

Published 20 hours ago verified publisher icon 2factorauth

Update Bendigo Bank

Open willidb opened this issue 3 years ago • 3 comments

willidb avatar Jul 22 '22 09:07 willidb

According to the original PR #4718, the "security token" is only used for authorization, but not authentication. Has anything changed in this regard?

phallobst avatar Jul 22 '22 10:07 phallobst

The TOTP provided by the Security Token (Symantec VIP) may be configured by the user to be required at login in addition to User ID and Password. The Security Token is also used for step-up authentication commensurate to sensitivity of transaction. However having reviewed the PR https://github.com/2factorauth/twofactorauth/pull/2973 I now understand that the 2factorauth project defines step-up authentication as a form of authorisation. Hopefully this definition will be amended. Irrespective of the step-up authentication definition, does configurable (optional) enforcement of the Security Token at login meet guidelines?

willidb avatar Jul 22 '22 13:07 willidb

As the requested changes haven't been resolved yet I'm going to label this PR as inactive. Unless there's activity within the next week I'll close the PR.

Carlgo11 avatar Aug 07 '22 01:08 Carlgo11

Closing due to inactivity.

Carlgo11 avatar Aug 15 '22 18:08 Carlgo11