Don't use an admin user
Don't use an admin user for everyday work. Use a regular user instead.
Enable 2FA for CRM users and force regular users to set it up. This can be done at Administration > Authentication.
Disable password recovery for admins
This can be done at Administration > Authentication. If you have lost admin access and want to recover your password, set 'passwordRecoveryForAdminDisabled' to false in
Consider configuring password strength parameters (at Administration > Authentication).
Auth token expiration
Consider decreasing the Auth Token Max Idle Time so that idle sessions expire sooner. Additionally, you can specify an Auth Token Lifetime, which caps how long a token stays valid regardless of activity.
Restrict upgrade via UI
Restrict the ability to upgrade and upload extensions via the UI. Set 'adminUpgradeDisabled' => true in data/config-internal.php (as of v8.1; before, it could be done with the
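As an added illustration (not taken from this page or from the product's own files), the settings discussed above collected into a hardened data/config-internal.php fragment. The key names 'authTokenMaxIdleTime' and 'authTokenLifetime' and their hour units are assumptions about which config keys back the "Auth Token Max Idle Time" and "Auth Token Lifetime" UI fields; the fragment also assumes these entries are merged into the array the file already returns rather than replacing it.

```php
<?php
// data/config-internal.php -- example hardening fragment (editor-added, not from the page).
// Merge these keys into the existing returned array; do not overwrite the file.
return [
    // Block upgrades and extension uploads from the admin UI (available as of v8.1).
    'adminUpgradeDisabled' => true,

    // Keep password recovery for admin accounts switched off.
    // Set to false only temporarily if you have lost admin access and need to recover it,
    // then set it back to true.
    'passwordRecoveryForAdminDisabled' => true,

    // ASSUMED key names and units (hours): expire idle sessions after 2 hours and
    // invalidate every auth token after 24 hours regardless of activity.
    'authTokenMaxIdleTime' => 2,
    'authTokenLifetime' => 24,
];
```

After editing, clear the application cache so the overridden values are picked up, and confirm in Administration > Authentication that the UI reflects the new token limits.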