CB Login Form & MFA

1 year 7 months ago #330580 by trlbldr
Replied by trlbldr on topic CB Login Form & MFA
Krileon,

I very much appreciate Joomlapolis's quick update to work with Joomla 4.2.2. Thanks!

There are, however, three intermediate issues with the MFA implementation:
  • The CB AntiSpam plugin does not offer an "MFA" option to configure.
  • Selection of a CAPTCHA (other than the Invisible ReCAPTCHA variant) and its use by external users results in a message stating that the user has successfully logged in; the field to enter the emailed MFA token (in the case of the email variant) is on the same resulting screen but seems to have been bypassed.
  • Any MFA plugin seems to be redundant when used with a CAPTCHA tool.
Anyway, thanks again!

Don White


1 year 7 months ago #330581 by krileon
Replied by krileon on topic CB Login Form & MFA
MFA has nothing to do with Captcha. To configure MFA you need to log in, then go to your profile and configure one of the MFA plugins' parameters from there. This will look like the following depending on which MFA plugins you have enabled.

 

It is not possible for CB to bypass MFA. We actually have absolutely no control over MFA. MFA will likely bypass login captcha though as it completely hijacks and redirects away from the CB login process, which again we've no control over. I do not recommend using login captcha to begin with though as it's unnecessary friction for your users.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

1 year 7 months ago #330584 by trlbldr
Replied by trlbldr on topic CB Login Form & MFA
I now understand that MFA has nothing to do with CAPTCHA and that MFA cannot be bypassed by CB.
My suggestion, instead, has everything to do with the CB AntiSpam plugin.

That plugin drives the CAPTCHA displayed on the CB Login form - see the screen shot:
 

Since the implementation of MFA - Code by Email provides the strongest secure login possible (one-time pads are always the most secure method to super-encrypt any communication), the additional use of a CAPTCHA tool is redundant.
(I apologize for any arrogance or snarkiness on my part; I served 20 years in the Navy as a cryptologist, analyst, and software writer in the dark ages, when AGILE was known as Rapid Prototyping, Waterfall, etc.)

The AntiSpam plugin, if implemented in CB, requires designation of a CAPTCHA tool. I suggest that it could be updated to allow NO choice so that users might not be confused into thinking that the username + password + CAPTCHA combination actually logs them into the website without a further step.
 

If my suggestion is out of line or difficult or impossible to implement, that's life.

Thanks for your consideration.

 

Don White

1 year 7 months ago #330593 by krileon
Replied by krileon on topic CB Login Form & MFA
You don't have to use the captcha. Just turn it off for logins under the Legacy tab directly next to the General tab in your screenshot. It's default off so you turned it on at some point.


Kyle (Krileon)
Community Builder Team Member

1 year 7 months ago #330608 by trlbldr
Replied by trlbldr on topic CB Login Form & MFA
When I read your suggestion, I slapped my head and thought: "Don, you're an idiot!" So I went into the Admin backend, opened the CB AntiSpam plugin and disabled CAPTCHA for Login.
However, what happened wasn't expected. Yes, ReCAPTCHA no longer displayed with the CB Login form. However, when I attempted to log in to the Front End, the MFA Validation screen did not appear (it had defaulted to the template Homepage). Even after returning the configuration to what it had been and clearing the caches, the MFA Validate screen no longer appeared.
It seems, from Joomla Forum entries, that this is not unusual since Joomla 4.1.5 and 4.2.2 were published. The question seems to be, is it a problem with Joomla or with RocketTheme (we use the Callisto RT theme).
Oh well.

Don White


1 year 7 months ago #330610 by krileon
Replied by krileon on topic CB Login Form & MFA
We have absolutely no control over Joomla's MFA behavior. It completely controls the login process, redirects, and doesn't let you leave until confirmed or cancelled. I imagine this has some caching though (likely browser side so clearing Joomla cache won't have any impact here) so if you already verified it's probably not going to ask you to do so again for a while. This all happens as soon as CB calls Joomla's login API, which is immediately when attempting to log in through CB. We in no way can influence this. So whatever issues you may have with MFA should be reported to Joomla.

You can further confirm all this by unpublishing CB's system plugin in Extensions > Plugins (shouldn't even need to do this though as the plugin is completely ignored during MFA) and using Joomla's login module.


Kyle (Krileon)
Community Builder Team Member