RocketChat
Force users to use 2FA through TOTP (or email)
Is your feature request related to a problem? Please describe. To maximize the security in our self hosted instance of rocketchat we would like to force the use of 2FA. As an admin I have the 'power' to create an user but it is the user that can choose to activate 2FA using TOTP. We would like to force that option. The password policy can be set with a lot of options, that is probably done because the user is the weakest link in securing a server/application, so given the change he/she would most likely disable 2FA (or never activate it).
Describe the solution you'd like All users should use 2FA using TOTP/email/what ever all the time and an user shouldn’t be allowed to deactivate that in there account. All the infrastructure is available and, as far as I can see, implemented, so I would like to see an option in the users section of the administration that forces the use of 2FA (selected in the accounts part).
In case of TOTP 2FA an user will get/set an username/password and at the login he/she will be presented with the QR-code and needs to verify that before continuing.
Describe alternatives you've considered There is no alternative other then building a security shell around rocketchat.
Personal note This is my first feature request, so if I missed anything let me know. I made this feature request because I was ask to do so in the forum
