Two-Factor Authentication for New Account Sign-ups

[nickaddy]

[History/Context]
Two-factor authentication (2FA) is not currently enforced for new candidate account sign-ups, meaning that it would be easy to set up an account with a mistyped email address.

User Story
As a user, when I create a new account, I would like a verification email be sent to the email address provided so that my email address is verified and for added security.

Options
What is the best mechanism - email verification link, email code, e.g. 5-digit number, mobile phone input?

Question(s)
Should 2FA be enforced each time a candidate logs on to the platform or just the first time?

[Task list]
[] Discuss with Product Owner options available
[] Implement agreed option

[Definition of Done]
[]

[User Testing Steps]
[]

[Ticket Champion]
Nick

[nickaddy]

@warrensearle Created following our conversation on Friday. Would be good to get your thoughts on the best option?