Hi.Events

🌟 Additional login security (2FA/passkey/webauthn)

Open gitmotion opened this issue 1 year ago • 3 comments

Is your feature request related to a problem? Please describe.

  • Changing the admin email sends the confirmation email to the new email instead of the current email, effectively not notifying the original email of this change
  • Additional security features like 2FA etc. might be good, as attendee details etc. are all sensitive

Describe the solution you'd like

  • Should send the confirmation to the email that is currently saved to the database instead

Describe alternatives you've considered

  • Login 2FA?
  • I could see that adding auth at the reverse proxy level could help, but that would be sitewide

Additional context

Won't go as far as saying this is a bug or vulnerability, as Stripe details can only be accessed through deployment. However, without additional security like 2FA, someone could try to brute-force passwords or try a leaked password and change the email without the user even knowing. Additional security could help here :)

gitmotion • Jun 11 '24 18:06
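The behaviour requested in this issue, sketched as an added example (not Hi.Events code and not part of the original thread): the confirmation for an email change goes to the address currently saved, and the change is applied only after that token is presented. `Account`, `request_email_change`, `confirm_email_change`, the `outbox` list and the 15-minute lifetime are all hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime for a pending change


class Account:
    def __init__(self, email):
        self.email = email    # address currently saved in the database
        self.pending = None   # (new_email, sha256(token), expires_at)


def request_email_change(account, new_email, outbox, now=None):
    """Record a pending change and mail the confirmation to the CURRENT address."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Store only a hash so a database read does not reveal a usable token.
    digest = hashlib.sha256(token.encode()).hexdigest()
    account.pending = (new_email, digest, now + TOKEN_TTL_SECONDS)
    # Recipient is the saved address, so the existing owner always learns of the request.
    outbox.append({
        "to": account.email,
        "subject": "Confirm email change",
        "body": f"Change requested to {new_email}. Token: {token}",
    })
    return token  # returned only so the example runs without a mail server


def confirm_email_change(account, token, now=None):
    """Apply the pending change only for a valid, unexpired, unused token."""
    now = time.time() if now is None else now
    if account.pending is None:
        return False
    new_email, digest, expires_at = account.pending
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(supplied, digest):
        return False          # wrong token: the saved address is untouched
    account.pending = None    # single use; also discards an expired request
    if now > expires_at:
        return False
    account.email = new_email
    return True
```
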

Thanks for reporting this @gitmotion! I'll fix the email issue ASAP. As for 2FA, that's definitely on the long term roadmap.

daveearley • Jun 14 '24 18:06

@gitmotion This has now been fixed. I'll leave the ticket open as a 2FA feature request. Thanks again

daveearley • Jun 15 '24 18:06

@daveearley Awesome. Just pulled the latest image and saw that it was working flawlessly 👏🏼

gitmotion • Jun 15 '24 23:06