Support 2FA (via users & permissions plugin)
Aurélien Georget
If you're building an API which needs a high-security level, it can be very useful to use a 2FA. We could pretty easily support two-factor authentication using the current implementation of the Users & Permissions plugin.
For more details, please see https://github.com/strapi/strapi/issues/786
KiwiCoder
🚀 Introducing Content API 2FA
We just launched a new version of HeadLockr—a fully integrated 2FA solution that now supports both the Strapi Admin Panel and the Users & Permissions plugin (Content API)!
✨ Key Features
- 🔐 Multi-Factor Authentication: TOTP, SMS, Email & Backup Code authentication flows
- 🔄 Fully compatible with Strapi V4 & V5 users-permissions plugin
- 🛠️ Works out of the box, no code required
- 🚫 No User Cap: Scale without limits
👉 Ready to protect your Content API? Start using HeadLockr for FREE 14 days! 🎉
Learn more →
KiwiCoder
🚀 Introducing Content API 2FA
We just launched a new version of HeadLockr—a fully integrated 2FA solution that now supports both the Strapi Admin Panel and the Users & Permissions plugin (Content API)!
✨ Key Features
- 🔐 Multi-Factor Authentication: TOTP, SMS, Email & Backup Code authentication flows
- 🔄 Fully compatible with Strapi V4 & V5 users-permissions plugin
- 🛠️ Works out of the box, no code required
- 🚫 No User Cap: Scale without limits
👉 Ready to protect your Content API? Start using HeadLockr for FREE 14 days! 🎉
Redondo
Been working on a plugin that will extend the functionality. feel free to add issues / ideas:
V
VG
Unfortunately, we are asked to move aware from Strapi due to non-availability for industry standard security requirement - 2FA. If anyone has any work around to implement 2FA, please let me know.
KiwiCoder
VG I hope this is not too late for you. But this is now possible in Strapi V4 and V5. We've build a native plugin that allows admin and content-api users to enable 2FA/MFA to their Strapi instance. Please find the pinned message above for more information or check https://headlockr.io/free-trial
Wouter
We absolutely need this. We are currently looking to step away from Strapi as there is no progress al all regarding this issue.
K
Karl Gochgarian
This feature is very important as it protects access to our apps database
V
Vladyslav Shestakov
There are 25 thousand of us and we are going to find out why there is still no 2FA support in Strapi
O
Olivier Wagener
With so many awesome things that Strapi can do, it is incomprehensible to me that having a 2FA option like TOTP is not one of them. Please try to get to this asap.
Luis Miguel Almánzar
We need any form of TOTP for the admin login. It could be via apps or sending the code via email.
KiwiCoder
Basically any 2FA method is supported. Like email, sms, totp, authenticator and more soon! ;)
K
Karl Gochgarian
That one looks essential, we're storing very sensitive data and a pentest will definitely report this as a weakness in our system :/
Please consider that request 🙏
Daniel Fortuyn
Would love to see this feature, would be willing to contribute if needed. :)
KiwiCoder
Daniel Fortuyn Hey Daniel, I am happy to announce that this is now supported in Strapi v4 and V5 with our plugin called Headlockr. Give it a try here.
Load More
→