Wishlist for user area capabilities
Entries that are decided upon can be converted to a separate issue.
-
Users can change their email.
Should it be allowed? Is there any service where an email change will mess the service's authentication. -
User can change their password.
Should this be a fast lane to #17 (closed)? -
User can't set a password from the pwned passwords list.
In general, there should be a nice "password validation tool". I presume that there is something online that does a real entropy measure? -
User can flag their account as compromised.
We could have a link to flag the user as compromised, prompting a notification to the eNOC team. -
Alternate authentication methods.
SAML (SSO)? JWT? Kerberos?