Opnion on sensitive fields in the user table of admin panel
I just ran
php artisan make:filament-resource User --generate and got a nice panel for the user model. However it includes some fields which I consider can be abused by moderators and admins such as Password, Two factor secret, Two factor recovery codes and Two factor confirmed at. I am looking for an opinion on if these fields are a security risk or I am just being overly cautious.1 Reply
I don’t think moderators or admins should be able to manipulate 2FA items directly. But they should be able to manually reset passwords for users. Passwords aren’t really that big of a deal if users can reset them themselves anyway.