[Defender Pro] Defender 2FA fail to show username!

Hi team – please could we add a display username to the logs for 2FA TOTP methods?

This would show which admin accounts have been potentially compromised, at least username and password etc without it being on a known breach list.

Thanks!

  • tom
    • Design Lord, Child of Thor

    Hi Patrick – so for example:

    Yesterday I had several IP addresses fail 2FA.

    What this means is that these attempts must have provided correct username/email and password to get this far. But I can’t see which admin account was being used to identify exposure.

    If the admin account had failed to log in in the first stage, I’d be able to see that information.

    Therefore my request is specifically to be able to see what admin account fails the 2FA stage.

    Regards

    Tom

  • Adam
    • Support Gorilla

    Hi tom

    Thanks for the response!

    Certainly, including the password in logs would itself be a serious security breach and malpractice, but adding the same type of “failed login” log as in the case of a regular login (without 2FA) sounds like a good idea indeed.

    I think something like “User 2FA failed: username – method” could be helpful.

    I’ve passed that request over to our Defender Team so they’ll review the request and technical possibilities (it may require some additional improvements in the plugin code such as, for example, adding some new hooks; but I’m not sure) and consider adding it in future.

    Thanks for suggesting it!

    Best regards,
    Adam
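
Added example, not part of the thread and not Defender's own code: a sketch of the triage described above, assuming the log gains a line in the shape suggested in the reply ("User 2FA failed: username – method"). The timestamp and IP prefix, the sample lines, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines. The "User 2FA failed: <username> – <method>" text
# follows the wording suggested in the thread; the timestamp and IP prefix
# are assumptions, not Defender's real log layout.
SAMPLE_LOG = """\
2024-05-01 09:12:03 203.0.113.10 Failed login: editor1
2024-05-01 09:14:41 203.0.113.10 User 2FA failed: siteadmin – TOTP
2024-05-01 09:15:02 198.51.100.7 User 2FA failed: siteadmin – TOTP
2024-05-01 09:20:55 198.51.100.7 User 2FA failed: siteadmin - TOTP
2024-05-01 10:01:17 192.0.2.44 User 2FA failed: tom – TOTP
"""

# Accept either an en dash or a plain hyphen between username and method.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<ip>\S+) User 2FA failed: "
    r"(?P<user>.+?) [–-] (?P<method>\S+)$"
)

def second_factor_failures(log_text):
    """Group 2FA failures by username: source IPs, methods, and count."""
    report = defaultdict(lambda: {"ips": set(), "methods": set(), "count": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # first-stage failures and unrelated lines
        entry = report[m["user"]]
        entry["ips"].add(m["ip"])
        entry["methods"].add(m["method"])
        entry["count"] += 1
    return dict(report)

def accounts_to_reset(log_text, min_ips=2):
    """Accounts whose 2FA stage failed from at least min_ips distinct IPs.

    The 2FA stage is only reached after the password was accepted, so these
    accounts are the first candidates for a password reset. The threshold is
    a heuristic: a single IP may just be the owner mistyping a code.
    """
    report = second_factor_failures(log_text)
    return sorted(u for u, e in report.items() if len(e["ips"]) >= min_ips)

if __name__ == "__main__":
    for user, e in second_factor_failures(SAMPLE_LOG).items():
        print(user, e["count"], sorted(e["ips"]), sorted(e["methods"]))
    print("reset first:", accounts_to_reset(SAMPLE_LOG))
```

The log line carries only the username and the method; neither the password nor the submitted code is recorded.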