User Account Security

  1. Multi-Factor Authentication (MFA):

    • Mandatory MFA for all user accounts

    • Support for hardware security keys (e.g., YubiKey) for the highest level of security

  2. Session Management:

    • Secure session handling with frequent rotation of session tokens

    • Automatic session termination after periods of inactivity

  3. Account Recovery:

    • Secure account recovery processes with multi-step verification

    • Optional designation of trusted contacts for assisted recovery

  4. Passwordless Authentication Options (Future upgrades):

    • Implementation of WebAuthn for biometric and device-based authentication

    • Integration with blockchain-based identity solutions (e.g., Civic, uPort)
