I love the CRM. I admire the effort and commitment put in building the CRM. A few ideas, I have for hardening the security of this amazing CRM:
- Brute Force Protection:
  - Ban a specific account's login for X minutes after X failed attempts.
  - CAPTCHA during login.
- Prevent Multiple Device Logins: if a user tries to, it will ask them to log out of the previous device first or wait for the session to time out.
- Password Expiration: passwords will expire in X days. Users will be required to create a new one (different from the last password).
- Password Strength: set a password strength of X characters, with a checkbox for forcing special characters.
- Whitelist IPs: enter whitelisted IPs.
- Blacklisted IPs: enter blacklisted IPs.
- 2-Factor Authentication using Google Authenticator or OTP.
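The account-lockout, password-policy and IP allow/deny list items above are small enough to show as one piece of working logic. The following is an added example written for this reply, not code from the CRM or its authors; the policy numbers (5 attempts, 15 minutes, 12 characters, 90 days), the `LoginGuard`/`Account` names and the sample IP ranges are all constructed assumptions, and PBKDF2 stands in for whatever password hash the CRM actually uses.

```python
import hashlib
import hmac
import ipaddress
import os
import string
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed policy values; a CRM would read these from its admin settings.
MAX_FAILED_ATTEMPTS = 5       # "X failed attempts"
LOCKOUT_MINUTES = 15          # "ban login for X mins"
MIN_PASSWORD_LENGTH = 12      # "password strength of X characters"
REQUIRE_SPECIAL_CHAR = True   # "checkbox for forcing special characters"
PASSWORD_MAX_AGE_DAYS = 90    # "passwords will expire in X days"


def hash_password(password: str, salt: bytes) -> bytes:
    # Standard-library PBKDF2 stands in here; a real deployment would use argon2/bcrypt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    password_set_at: datetime
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


def new_account(username: str, password: str, set_at: datetime) -> Account:
    salt = os.urandom(16)
    return Account(username, salt, hash_password(password, salt), set_at)


def password_policy_errors(new_password: str, account: Account) -> list:
    """Return the reasons a proposed new password violates the policy (empty list = accepted)."""
    errors = []
    if len(new_password) < MIN_PASSWORD_LENGTH:
        errors.append(f"shorter than {MIN_PASSWORD_LENGTH} characters")
    if REQUIRE_SPECIAL_CHAR and not any(c in string.punctuation for c in new_password):
        errors.append("no special character")
    # "Different from the last password": compare against the stored hash in constant time.
    if hmac.compare_digest(hash_password(new_password, account.salt), account.password_hash):
        errors.append("same as the previous password")
    return errors


class LoginGuard:
    """Applies the IP deny list, then the allow list (if any), then account lockout."""

    def __init__(self, allowlist=(), denylist=()):
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.deny = [ipaddress.ip_network(n) for n in denylist]

    def ip_permitted(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.deny):
            return False
        # An empty allow list means "everyone not denied"; a non-empty one is exclusive.
        if self.allow and not any(addr in net for net in self.allow):
            return False
        return True

    def attempt(self, account: Account, password: str, ip: str, now: datetime) -> str:
        if not self.ip_permitted(ip):
            return "ip_blocked"
        if account.locked_until is not None and now < account.locked_until:
            return "locked"
        if not hmac.compare_digest(hash_password(password, account.salt), account.password_hash):
            account.failed_attempts += 1
            if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
                account.locked_until = now + timedelta(minutes=LOCKOUT_MINUTES)
                account.failed_attempts = 0
                return "locked"
            return "bad_password"
        # Successful login clears the counter; an aged password still has to be rotated.
        account.failed_attempts = 0
        account.locked_until = None
        if now - account.password_set_at > timedelta(days=PASSWORD_MAX_AGE_DAYS):
            return "password_expired"
        return "ok"
```

The lockout is keyed on the account rather than the client IP, so an attacker rotating addresses still trips it; the IP lists run first so a denied address never reaches the password check at all.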