Account Server 3.44 Release notes

MFA (Multi-Factor Authentication)

  1. Organisation users with the app.settings.admin role can enable MFA for all username/email and password users of the organisation from the domain settings section.

    [Image: Domain settings section]

MFA can only be enabled when email verification is enabled.

Users who sign in with 'Login with Google' can turn on 2FA in their Google account settings.

If the app.settings.admin role is not assigned to any of your organisation’s users, please contact the Increff support team.

  2. User-level MFA can also be turned on, but only for username/email and password users who are already verified or pending verification.

    [Image: User MFA toggle]

  3. After logging in, the user is redirected to the MFA screen, where they need to enter the OTP received on their registered email.

    [Image: MFA screen]

A user can ask for a new OTP after 60 seconds. After 15 wrong attempts, the user needs to request a new OTP. The OTP expires in 5 minutes.
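The three limits above can be read as one small state machine per pending login. The sketch below is an added example, not Account Server code: the class name, the 6-digit OTP length, and storing only a SHA-256 digest of the OTP are assumptions; the 60-second, 15-attempt and 5-minute values come from these notes.

```python
import hashlib
import hmac
import secrets

RESEND_COOLDOWN_S = 60      # a new OTP may be requested after 60 seconds
MAX_WRONG_ATTEMPTS = 15     # after 15 wrong attempts the OTP must be resent
OTP_TTL_S = 5 * 60          # the OTP expires in 5 minutes


class EmailOtpChallenge:
    """Hypothetical tracker for one user's pending email OTP (times in seconds)."""

    def __init__(self):
        self._digest = None      # digest of the current OTP; plaintext is not kept
        self._issued_at = None
        self._wrong = 0

    def issue(self, now):
        """Return a fresh OTP to email, or None while the resend cooldown runs."""
        if self._issued_at is not None and now - self._issued_at < RESEND_COOLDOWN_S:
            return None
        otp = f"{secrets.randbelow(10**6):06d}"   # 6 digits is an assumption
        self._digest = hashlib.sha256(otp.encode()).digest()
        self._issued_at = now
        self._wrong = 0                            # a resend resets the counter
        return otp

    def verify(self, candidate, now):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'no_otp'."""
        if self._digest is None:
            return "no_otp"
        if now - self._issued_at >= OTP_TTL_S:
            self._digest = None
            return "expired"
        if self._wrong >= MAX_WRONG_ATTEMPTS:
            return "locked"                        # only a resend clears this
        given = hashlib.sha256(candidate.encode()).digest()
        if hmac.compare_digest(given, self._digest):   # constant-time compare
            self._digest = None                    # single use
            return "ok"
        self._wrong += 1
        return "wrong"
```

Once the attempt limit is reached, even the correct OTP is rejected until a new one is issued, which is what keeps the 15-attempt limit meaningful against guessing.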

Security enhancements

  1. Account Server now stores a history of the last 5 passwords (previously 3), i.e. users can’t reuse any of their last 5 passwords when changing their password.

Minor bug fixes

  1. While signing up for a new organisation, the user will be assigned app.admin as well as app.settings.admin.

  2. While signing up for a new organisation, email verification will not be needed.