Two factor security answers are exposed in ACP

[CoffeeCake]

I noticed a member who had turned on two factor authentication and provided security answers. I don't believe it's security best practices to show these values to anyone looking at the member's account in plaintext, without some sort of action being taken that is logged. For example, a button to view the values that then logs the account who requested to view the values, or even better, only validate that the entered answer matched what the user specified without displaying the values at all.

Right now, the answers are available to anyone with permission to view without taking any action to see the answers. Please change this behavior to require a click on something that would insert "Paul E. viewed member's security questions and answers" or such in the account activity logs at a minimum.

[Daniel F]

There's already an own ACP permission for this.

Only administrators with the "Can view and edit members' two factor authentication settings?" permission are able to see and edit this. If you're worried that your administrators could abuse the system, don't give them the permission to view and edit this 🙂 

[CoffeeCake]

23 minutes ago, Daniel F said:

There's already an own ACP permission for this.

Only administrators with the "Can view and edit members' two factor authentication settings?" permission are able to see and edit this. If you're worried that your administrators could abuse the system, don't give them the permission to view and edit this 🙂 

I understand there's a separate permission, however I believe this data should not be shown without explicitly requesting it and logging that it was requested to be viewed. This should be an auditable activity.

Someone that has this permission should not be able to see the answers of every person who has supplied those answers just by viewing the member record in ACP.