This is a Moodle plugin which adds Multi-Factor authentication (MFA), also known as Two-factor authentication (2FA) on top of your existing chosen authentication plugins.
A tool for enforcing various security standards and guidelines for passwords for Moodle. This plugin aims for compliance with the Australian Information Security Manual (currently May 2019), and above that, the NIST standards from the document 800-63B. Many of the controls are optional and user configurable, with the most safe values set by default, but allow for great customization for any configuration, while enforcing safe, sensible guidelines for passwords.
This password checks also include securely testing for potentially compromised passwords using:
This plugin adds a framework for adding and enforcing security questions for users to perform a password reset. Currently it only operates on the Moodle Core 'Forgot Password' page, however it is easily extensible to other forms.
NOTE: This plugin only has native compatability with Moodle 3.8. For Moodle 3.7, MDL-66173 must be cherry-picked to allow the plugin to interact with Moodle. See Readme for more detailed instructions