Two-Factor Authentication and PCI compliance

  • Hello, I am doing some research on new requirements that will be coming soon to maintain PCI compliance for processing user credit card data on my ecommerce site.

    One of the requirements is that the admin login has 2FA set up, however the process must not show which login item was incorrect if entered wrong.

    For example, lets say I were to enter my username or password incorrectly, the login process would still allow me to move on to the 2FA step. If I entered the 2FA code correctly (or incorrectly), it would throw me back to the username/password screen without telling me which piece of information I entered incorrectly.

    Likewise if I were to enter the username and password correctly but the 2FA code incorrectly, the process would still throw me back to the beginning without hinting at which piece of information was wrong.

    Is this something that your plugin can do? If not, is it something that may be added in the future as the PCI compliance rules come into effect?

    Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor robertabela

    (@robert681)

    Thank you for showing interest in our plugin.

    This is something we are planning to introduce in the near future and it will be included in one of the upcoming builds this year.

    I am sorry I couldn’t give you a solution right now. Should you have any other questions, please do not hesitate to ask.

    Have a great day.

    Thread Starter happyday25

    (@happyday25)

    @robert681 wonderful! I’m happy to hear you’ve already been working on this and will look forward to the future update. Thanks so much ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Two-Factor Authentication and PCI compliance’ is closed to new replies.