← Back to all articles

Secure Dashboard Authentication Arrives in Phase 1

Username-or-email login, staff account creation, password recovery, configurable sender email, throttling, and security auditing now protect the MineCave Dashboard.

Phase 1 now includes the permanent identity and access foundation for the MineCave Dashboard.

Staff can sign in using either a username or email address. Owners and administrators can create new dashboard users with assigned roles, while password recovery uses secure, single-use links that expire after one hour.

The Dashboard now includes configurable sender-name and sender-email settings for recovery messages, login throttling, session regeneration, CSRF protection, and a dedicated security audit log. Authentication events such as successful sign-ins, failed attempts, password resets, account creation, website-mode changes, and comment moderation are recorded for accountability.

This update extends the locked architecture and establishes the foundation for future permissions, two-factor authentication, and session-management features.

authenticationdashboardpassword-recoveryuserssecurity
Join the Discussion

Leave a comment

Comments are reviewed before appearing publicly.

Comments will return after the database migration is completed.
Discussion

Approved comments

0
No approved comments yet. Be the first to contribute.
Continue Reading

Related articles

Phase 1.19 Adds the Roles and Permissions Manager

Executive and staff dashboard access can now be configured per role while community badges remain access-free.