# Feature Multi-Factor Authentication (MFA)

| Attribute | Value |
|---|---|
| Feature ID | FEA024 |
| Subsystem the feature is part of | Security |
| Responsible person | Developers |
| Status | In Progress |
## Description

The Multi-Factor Authentication (MFA) feature adds a layer of security to user authentication by requiring a second verification method in addition to the password. A stolen or guessed password alone is then no longer sufficient for unauthorized access, because the secondary authentication factor is also required.
## Restrictions, requirements and use cases related to this feature

All relevant issues related to or contributing to the definition of the feature are gathered here.

| Reference | Requirement / use case |
|---|---|
| [Use Case 1] | User logs in and is prompted to enter a one-time code from an authentication app |
| FUNC-REQ-S0010 | The system must support multiple authentication methods (TOTP, SMS, email) |
| FUNC-REQ-S0011 | Users must have the option to enable or disable MFA in account settings |
| FUNC-REQ-S0012 | Backup codes must be provided for account recovery |
## Preliminary user stories

- 103: As a user, I want to enable MFA to enhance the security of my account.
- 104: As an admin, I want to enforce MFA for all users with elevated permissions.
- 105: As a user, I want to receive backup codes in case I lose access to my authentication device.
## Implementation

- Integrate MFA with authentication providers such as Google Authenticator and Authy.
- Allow users to enable or disable MFA from their account settings.
- Implement time-based one-time passwords (TOTP) for authentication.
- Send backup codes to users upon enabling MFA.
- Enforce MFA for admin accounts by default.
- Ensure encrypted storage of MFA settings and secrets.
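The TOTP, backup-code and secret-handling bullets above, as an added worked example that is not the project's own code: a minimal RFC 6238 TOTP generator and verifier with a clock-drift window and a replay guard, an `otpauth://` provisioning URI for authenticator apps, and backup codes that are stored only as salted PBKDF2 hashes and can be redeemed once. The function names, the PBKDF2 round count, the 10-hex-character backup-code format and the use of the RFC 6238 test-vector secret are assumptions made for the example; a real enrolment would generate the secret with `secrets.token_bytes(20)` and persist it encrypted.

```python
# Added example (not the project's code): RFC 6238 TOTP with a replay guard,
# plus salted hashing and one-time redemption of backup codes.
# Round count, backup-code format and helper names are assumptions.
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote

PBKDF2_ROUNDS = 100_000  # assumption: tune to the deployment's hardware


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) with dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time=None, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current time step."""
    t = int(time.time() if at_time is None else at_time)
    return hotp(secret, t // step, digits)


def verify_totp(secret: bytes, code: str, at_time=None, step: int = 30,
                digits: int = 6, window: int = 1, last_counter=None):
    """Return (ok, counter). Accepts +/-window steps of clock drift and rejects
    any counter that is not strictly newer than last_counter (replay guard).
    The caller persists the returned counter as the new last_counter."""
    if len(code) != digits or not code.isdigit():
        return False, None  # malformed input never reaches the HMAC compare
    t = int(time.time() if at_time is None else at_time)
    current = t // step
    for drift in range(-window, window + 1):
        counter = current + drift
        if last_counter is not None and counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return True, counter
    return False, None


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI that authenticator apps import (secret shown as base32)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}?secret={b32}"
            f"&issuer={quote(issuer)}&algorithm=SHA1&digits=6&period=30")


def hash_backup_code(code: str) -> str:
    """Salted PBKDF2 hash in 'salt:hash' form; store this, never the plaintext."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + ":" + dk.hex()


def generate_backup_codes(n: int = 10):
    """Return (plaintext codes to show the user once, hashes to persist)."""
    codes = [secrets.token_hex(5) for _ in range(n)]  # 40 bits of entropy each
    return codes, [hash_backup_code(c) for c in codes]


def redeem_backup_code(stored: list, candidate: str) -> bool:
    """One-time use: the matching hash is removed from the list on success."""
    for i, entry in enumerate(stored):
        salt_hex, dk_hex = entry.split(":")
        dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
        if hmac.compare_digest(dk.hex(), dk_hex):
            del stored[i]
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 test-vector secret; a real enrolment uses secrets.token_bytes(20)
    secret = b"12345678901234567890"
    print(provisioning_uri(secret, "alice@example.com", "ExampleApp"))
    print("code at T=59:", totp(secret, at_time=59))                    # 287082
    print(verify_totp(secret, "287082", at_time=65))                     # (True, 1)
    print(verify_totp(secret, "287082", at_time=65, last_counter=1))     # (False, None)
    codes, stored = generate_backup_codes(3)
    print(redeem_backup_code(stored, codes[0]), redeem_backup_code(stored, codes[0]))
```

The replay guard matters because a one-time code is only "one-time" if the server remembers the last counter it accepted; without it, a code captured over the shoulder stays valid for the whole drift window. Backup codes are hashed with a per-code salt so that a database leak does not expose usable recovery codes, and a redeemed code is deleted rather than flagged, which keeps the check a single list membership test.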
## Testing / possible acceptance criteria

Write down some notions for testing.

| Testcase | Test source | Responsible |
|---|---|---|
| Testcase 1 | FUNC-REQ-S0010 | Testers |
| Testcase 2 | FUNC-REQ-S0011 | Testers |
| Testcase 3 | FUNC-REQ-S0012 | Testers |
| Testcase 4 | SEC-REQ-0020 | Testers |
| Testcase 5 | SEC-REQ-0025 | Testers |
| Testcase 6 | SEC-REQ-0030 | Testers |