Security Tips

The plugin Kepler - Multi-Factor Authentification has several security mechanisms to secure the jira instance.

Limitation of emails for the secret code

• The user can receive a limited number of secret code by email.
• After the 5th secret code request, the user is blocked for a period of 15 minutes.
• The blocking mechanism applies to the user's IP address.
• The purpose of this block is to limit emails sent from the Jira instance.
• We assume that users will receive their secret code after the 3rd attempt.

Single session login with username and IP address

• MFA applies to a customer account with their username and IP address.
• You can open multiple browsers and log in to your Jira account and you will only be prompted once to use MFA.
• Subsequently, logout of your account will require the MFA code to be requested on all your browsers from the same IP address to which you are still logged in.

Before expiration of license !

During the last month of license expiration, a banner will be displayed  for admin users as reminders to renew the plugin license.

Expired License !

When the plugin license expires :

• A red banner will be visible to admin users to inform them that the plugin is expire.
  

• The General Configuration page is no longer editable.
• We can no longer unblock users in the Blacklist page.
• The number of attempts to insert the code is limited to a single attempt.
• After 15 days from the expiration date, the MFA plugin stops working.