77
Allow more 2FA Options
under review
Nigel Moore
Whilst the recent enforcement of 2FA (via email) is a welcome addition to the security of High-Level, email-based 2FA is unfortunately one of the least secure 2FA methods.
So, please add more 2FA options.
Including at a minimum TOTP codes (a global standard) that people can use through whatever TOTP App they use.
(E.g. Authy, Duo, Google Authenticator, Microsoft Authenticator etc).
And at the same time, please:
- Allow an agency to select what 2FA options they will allow to be used across their clients.
- Allow Admins of a sub-account to also have this level of functionality to select what 2FA options users in their Sub-Account can use IF the Agency gives it to them.
Ken Wood
Another vote for Authy. I'm trying to consolidate everything in that one app.
Gianluca Amato
This would be a good update, especially security-wise.
Andrew Hewerdine
100% I'm kind of gobsmacked it's not an option. Such a simple implementation too.
Stuart Gelin
This is a huge deal. Having it be required every single time and also not having TOTP codes as an option are both major problems. Please prioritize this.
Core Platform
Merged in a post:
2FA not every time but weekly or monthly
Brandon Grosso
Having to do the 2FA every single time a login is attempted can be bothersome when a client might be in and out of the system throughout the day. Is there a way to have the 2FA be on a weekly, biweekly, or monthly basis so it is not every single time, if within Twilio's guidelines with the ISV?
HIGHLVL-I-5221
Core Platform
under review
Shane Mccormick
Also add a 30-day "do not ask again from this PC" function.
Nigel Moore
HighLevel Support - can this please be prioritized? It's a very small development project with a very large benefit.
Colin Seymour
I'm sorry... but in this day and age, with all the hacking that is happening every second of every day, having a non-secure 2FA is not much better than not having anything at all. You need to allow the use of authenticator apps - Authy, Google, MS, Evo, etc.
Cyber insurance questionnaires are starting to ask about these differences...!
Pablo Samsing
We actually would like to turn this off. Having a client get an email code or have to search for an authentication code every time they log in is a huge pain. I agree MFA is required, but it should have a "remember me for 30 days" feature. Our clients are on the go and can't log in and then go check for a code in another app, email or otherwise, every single time, multiple times a day. It's insane. This needs to be thought out holistically. It should also be able to be turned off at the sub-account level. Let the clients decide. Just like GoDaddy does.
Cody Tuma
Pablo Samsing: Seconded.
Nigel Moore
Pablo Samsing: Respectfully, GoDaddy is not a business to be taking Cybersecurity inspiration from. They've been a large number of times due to their poor security practices.