You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
M2.3 includes an optional 2FA extension to further secure back-end user logins and with M2.4 a fully integrated 2FA was made required for back-end login. However, front-end customer logins still do not natively offer a similar 2FA option. There appear to be no third party extension solutions available from trusted Adobe certified partners, although there are a couple of "freeware" extensions published by individuals.
The Magento customer account typically contains a significant amount of Personally Identifiable Information (PII) such as names, billing and shipping addresses, phone numbers, order history and possibly contains gender, birth date, tax ID, etc. that is visible and editable by the customer upon successful authentication solely by a single password. Customers can also optionally store payment card information associated with their Magento account via the Vault for Card Payments feature of the included Braintree Payments extension.
Securing logins with MFA/2FA has become a best practice widely recommended to consumers and is becoming a requirement across a variety of industries. Complete absence of an integrated multi-factor or two-factor authentication option for customers who wish to further secure their PII is a significant security oversight for the Magento 2 platform.
The text was updated successfully, but these errors were encountered:
M2.3 includes an optional 2FA extension to further secure back-end user logins and with M2.4 a fully integrated 2FA was made required for back-end login. However, front-end customer logins still do not natively offer a similar 2FA option. There appear to be no third party extension solutions available from trusted Adobe certified partners, although there are a couple of "freeware" extensions published by individuals.
The Magento customer account typically contains a significant amount of Personally Identifiable Information (PII) such as names, billing and shipping addresses, phone numbers, order history and possibly contains gender, birth date, tax ID, etc. that is visible and editable by the customer upon successful authentication solely by a single password. Customers can also optionally store payment card information associated with their Magento account via the Vault for Card Payments feature of the included Braintree Payments extension.
Securing logins with MFA/2FA has become a best practice widely recommended to consumers and is becoming a requirement across a variety of industries. Complete absence of an integrated multi-factor or two-factor authentication option for customers who wish to further secure their PII is a significant security oversight for the Magento 2 platform.
The text was updated successfully, but these errors were encountered: