Changes compared to 20.3.1
PLEASE NOTE: this is a limited-security feature only, protecting only (A) registering new devices; (B) opening the desktop app; and (C) logging in to the Comet Server web interface as an end user. Because backup jobs need to run unattended without 2FA prompting, this feature does not provide full 2FA protection in all cases.
New Features
- Support TOTP 2FA for customer accounts
- Support an end user changing their own password, language, account-name, TOTP when logged in to the Comet Server web interface
- Support an admin changing customer's password without recovery code, if they otherwise know the customer's password
- Prompt for one valid TOTP code before enforcing it for future logins in the Comet Server web interface
Enhancements
- Merge the two Language settings when logged in to the Comet Server web interface as an end user
- Automatically switch to customer's profile language when logged in to the Comet Server web interface as an end user
- Minor reduction in memory usage when processing large directories
- Minor performance improvement for some Comet Server Auth Role and Storage Role management operations
Bug Fixes
- Fix an issue with restoring files on macOS
- Fix an issue with some special characters in passwords when installing Comet Backup on Linux
- Fix an issue with toggling the "Allow administrator to view filenames" setting from the Comet Backup desktop app
- Fix an issue with not showing an error message when the Comet Server web interface encounters an internal error
- Fix an issue with not showing an error message when failing to save job reports in the Comet Backup desktop app
- Fix an issue with not removing recovery code if the policy "Allow administrator to reset password" is changed to "Always off"
- Fix an issue with slow logging of job reports with a large number of message entries
- Fix a security issue that could allow the MSP to intercept account passwords