https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20476 Sam S <tech.sam@salinapublic.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tech.sam@salinapublic.org --- Comment #6 from Sam S <tech.sam@salinapublic.org> --- I've been testing the module in our install, working great so far, but I noticed a few issues, both minor: 1. The authentication form field is not marked to be excluded from auto completion. Because of this, after several weeks of use, every time I click on the field, I see a list of all prior authentication codes used. This might be possible to be used in an attack to reverse-engineer the secret key using past codes and when they were entered. Information on how to disable auto completionon form fields can be found here: https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Tur... 2. There's currently no option to "trust current device" something that most MFA modules include, so a user can mark a local device to be excluded from the MFA check for an amount of time (typically a month or so) -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.