A walkthrough example of how to implement two-factor authentication (2FA) using the Time-based One-time Password algorithm (TOTP) in a CFML application running on the ColdBox MVC framework.
One of the recommendations I mention in OWASP TOP 10 2017 A2-Broken Authentication: Password Requirements is to provide guidance to your users when creating passwords. Here I attempt to explore some ways of implementing feedback to users on the strength of their passwords.
The new guidelines for password requirements say to drop all the complexity rules and to create a blocklist of weak, common, and compromised passwords that cannot be used when a user creates a new account. Here is a quick example of one way this could be implemented in CFML.
Continuing the series on the OWASP Top 10, we now look at the #2 OWASP vulnerability, which is Broken Authentication.
In this post, I will focus on the #1 OWASP vulnerability, which is Injection, and how to prevent it in CFML applications.