Roadmap
2025-05-30
🚀 Major Release: Strapi v5 SupportReleased
Headlockr is now fully compatible with Strapi v5! Our latest version brings full support for the newest Strapi core, so you can upgrade with confidence and stay secure.
2025-05-23
📧 New: Email-based 2FAReleased
You can now use email as a two-factor authentication method — both for verifying identity and completing logins. Fully supported for admin panel and content API.
2025-05-28
Introducing Content API MFAReleased
We're excited to announce that Headlockr now supports multi-factor authentication for the content API — not just the admin panel. This brings powerful security to your public endpoints as well. SDKs and a starter project are coming soon to make integration even easier.
2025-06-06
MFA Challenge Grace PeriodReleased
The MFA challenge grace period will allow users a predefined window of time during which they will not need to re-authenticate via MFA after a successful login. This feature strikes a balance between user convenience and security by reducing repetitive MFA prompts while maintaining secure session management. Administrators will be able to configure the grace period to suit their security policies.
2025-06-30
🔑 Passkeys (Passwordless Login)
We're working on native support for Passkeys — enabling secure, passwordless authentication using Face ID, Touch ID, device PINs, or hardware keys. Say goodbye to passwords and hello to phishing-resistant logins.
2025-07-09
📱 Companion App
A dedicated Headlockr mobile app is on the way. Users will be able to approve logins via biometric authentication, or complete challenges similar to GitHub's mobile verification flow.
2025-07-31
🌍 Geo Blocking
Add another layer of protection: soon you'll be able to restrict logins based on country or region. Useful for limiting backend access to trusted locations only.
2025-08-24
Auto Logout
Auto logout ensures that inactive users are automatically signed out after a set period of inactivity, reducing the risk of unauthorized access to unattended sessions. Administrators will have the flexibility to configure the inactivity timeout duration based on security requirements. This feature enhances overall account and data security by preventing stale sessions from being exploited.
2025-08-31
User Management
A robust user management system will allow administrators to efficiently manage user accounts and permissions. This feature will include functionalities such as creating, updating, or deactivating users, assigning roles and privileges, and viewing user activity. Bulk user import and export options will also streamline administration in large organizations.