Intro:
Passwords alone aren’t enough — multi-factor authentication adds a second layer of protection. This challenge enhances your existing login system with MFA to ensure stronger account security.
Guidelines:
-
Extend your login flow to verify a second factor (SMS, email OTP, or authenticator app).
-
Only grant access after both password and MFA code are validated.
-
Support MFA setup and removal through a secure flow.
-
Include backup codes or recovery options for lost devices.
-
Allow admin overrides to disable MFA or recover locked accounts.