MFA enforcement for users

  • Resolved MH

    (@martincmelik)


    3 years, 3 months ago

    I would like to enforce 2FA to all site users, can you please take this option into consideration?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Axton

    (@axton)

    Hi,

    WP-WebAuthn is designed to replace the login password, not enable MFA. If you want to force WebAuthn login for your users, just go to Settings > WP-WebAuthn and set ‘Preferred login method’ to ‘WebAuthn only’. This will completely disable the password login and force all users to use WebAuthn. Please notice currently this will block new users from logging in, and we are working on making the experience better right now.

    If you want MFA functionalities but not replacing passwords with WebAuthn, please use other MFA plugins.

    Thread Starter MH

    (@martincmelik)

    Aha, so your module is only for webauth and nothing else?
    It was almost perfect for my site, but I need to allow at least OTP/TOPT (Google Authenticator etc.) for my users as well.

    Plugin Author Axton

    (@axton)

    Hi,

    Yes. And since WebAuthn is secure by default I recommand you to not enable MFA when using WebAuthn. If you want enable MFA for password logging-ins, you can install Two Factor plugin, which will enable MFA for your users. WP-WebAuthn is compatible with Two Factor and will skip MFA when user logging in with WebAuthn.

    Hope this would help you.

    Thread Starter MH

    (@martincmelik)

    OK, will give it a try

    Thank you!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘MFA enforcement for users’ is closed to new replies.