User Account Security
Multi-Factor Authentication (MFA):
Mandatory MFA for all user accounts
Support for hardware security keys (e.g., YubiKey) for highest security
Session Management:
Secure session handling with frequent rotation of session tokens
Automatic session termination after periods of inactivity
Account Recovery:
Secure account recovery processes with multi-step verification
Optional designation of trusted contacts for assisted recovery
Passwordless Authentication Options (Future upgrades):
Implementation of WebAuthn for biometric and device-based authentication
Integration with blockchain-based identity solutions (e.g., Civic, uPort)
Last updated