Authentication & Security
Passwordless login, 2FA, passkeys, and security features
Authentication & Security Features
Passwordless Login
Support for Passkey (WebAuthn) authentication, allowing users to log in using biometric authentication or security keys.
Two-Factor Authentication (2FA)
- Email-based 2FA with verification codes
- Per-user or global enforcement
- Admins can require 2FA for all users
Account Closure System
- Client-initiated account closure
- Email verification required
- Reactivation period before permanent closure
- Safety measures to prevent accidental closure
Support PIN
6-digit PIN that support staff use to verify a client's identity when the client contacts support.
CAPTCHA Protection
Support for multiple CAPTCHA providers:
- Google reCAPTCHA
- hCaptcha
- Cloudflare Turnstile
IP Banning
Ability to ban IP addresses from registration and login pages to prevent abuse.
Email Domain Restrictions
Block specific email domains from registration to prevent spam accounts.
Password Security
- Bcrypt hashing with secure password requirements
- Password strength validation
- Secure password reset via email
CSRF Protection
Token-based protection on all forms to prevent cross-site request forgery attacks.
SQL Injection Prevention
Prepared statements used throughout the system to prevent SQL injection attacks.
Session Security
Secure session management with role-based access control and session timeout.