800-63-3 icon indicating copy to clipboard operation
800-63-3 copied to clipboard

Published 20 hours ago verified publisher icon usnistgov

AAL1 to AAL2

Open paul-grassi opened this issue 7 years ago • 1 comments

Consider additional requirements to ensure an AAL1 account upgraded to MFA is done by the legit user. Maybe the email should be more than a notification and require action to be taken before AAL2 is enabled (or not) since lack of action is actually action. Time based/fraud/analytics signals to be considered.

paul-grassi avatar Sep 28 '17 00:09 paul-grassi

Not sure what problem this would solve.

jimfenton avatar Mar 07 '19 17:03 jimfenton