Add 2-Factor Authentication/Multi-Factor Authentication to App [edited] (2 Merged Votes)

TGP
TGP Member ✭✭✭✭
edited November 2021 in Feature Requests
Since this app has everything to do with finance, I believe the use of multi-factor authentication is a must, please prioritize to help protect financial info, thanks!
Tagged:
90 votes

In Review · Last Updated

This Idea is currently under way for the Simplifi Mobile App and is still being considered for the Simplifi Web App.

«1

Comments

  • SimplifiBeta
    SimplifiBeta Member ✭✭
    Agreed. MFA is a must. Security minded folks would also want to ensure that data at rest on Quicken servers is also fully encrypted and not accessible to Quicken employees or contracted agents.
  • TGP
    TGP Member ✭✭✭✭
    Still as an end user, I need to be challenged to be able to log into my own account.
  • RickR
    RickR Member ✭✭
    That would definitely be a nice option to have in the app as an extra security layer, probably something you can turn on/off if needed!
  • Coach Paco
    Coach Paco Moderator admin

    @TGP that's a great suggestion!

  • Coach Paco, regarding the multi-factor authentication on the "mobile app", I am having a problem. I am using the android app on a motorola g6 phone. I receive pop up that my bank needs to confirm my identity and gives me the option to email or text the verification. when I chose one or the other and press the VERIFY button, I received the code from my bank, but the app does not allow me to input the code. I have to go to my browser on my computer to update my account. Thanks Tim

  • Coach Paco
    Coach Paco Moderator admin

    @[email protected] I appreciate you bring that to our attention. I'm going to test this out so I can get this submitted for us!

  • simplij
    simplij Member ✭✭✭✭

    New here, so please forgive if this is the wrong place for this. I've been playing with the product for a couple of weeks now. Really nice and look forward to seeing it evolve. But the lack of 2FA is problematic. If nothing else, in 2020 a finance web site, even one that is 'view only', really has to support 2FA. It gives just that much more confidence to add in all my accounts. Keep in mind that some fraud begins with learning who to target. Even just being able to see this data could put someone at risk. 2FA really needs to be something added sooner versus later.

  • Coach Tappan
    Coach Tappan Retired Coach ✭✭✭✭

    @simplij This is certainly the right place for your comment. Several of our early users have requested better multifactor authentication functions in Simplifi, beyond the ones that are offered when you're first setting up an account. So far, the majority have asked for the ability to turn MFA on or off for individual accounts. There are currently administrative options to enable 2FA for an individual user, but since it turns it on for all functions, including login, and can't be turned off by the user, our support team is looking for ways to make it more selective. When we hear back from them, we'll post an update here to let you know how we plan to handle this. Thanks for your suggestion!

  • simplij
    simplij Member ✭✭✭✭

    As we read over and over, SMS based 2FA is ‘lacking’. I’d really like to see OTP support! Thanks!

  • Coach Tappan
    Coach Tappan Retired Coach ✭✭✭✭

    I agree. My personal preference would be a toggle that would set an individual account to always request a one-time passcode via text on login, or turn that option off if I'm okay with just username and password authentication. We appreciate your comments.

  • simplij
    simplij Member ✭✭✭✭

    Just to make sure we're talking about the same thing, I'm referring to logging in to Simplifi, and not about specific linked accounts.

  • Coach Tappan
    Coach Tappan Retired Coach ✭✭✭✭

    @simplij I understand. You'd like to exchange an OTP with Simplifi every time you log, in for extra security. I know this is important to a lot of users, and we definitely want to find the best way to make that option available to you.

  • iberamen
    iberamen Member

    I agree, this is definitely important. Not only SMS MFA but OTP using apps like Google Authenticator or Authy would be great.

  • simplij
    simplij Member ✭✭✭✭

    Thanks!

  • simplij
    simplij Member ✭✭✭✭

    Exactly!

    @iberamen said:
    OTP using apps like Google Authenticator or Authy would be great.

  • steveb
    steveb Member

    As it uses Quicken / Intuit's login, I'm surprised it doesnt also incorporate their 2FA.

  • this is actually ridiculous. Mint, Clarity (by Marcus), YNAB, etc. all have it.

  • TGP
    TGP Member ✭✭✭✭

    Has any progress been made on this? I can not believe that we actually have to ask for this security feature.

  • Coach Nicole
    Coach Nicole Administrator, Moderator admin

    Hi all,

    We appreciate your feedback and patience while we work to get this feature enabled. At this time, we don't have an ETA. However, as soon as we have any new updates, we'll be sure to post on this thread.

    Thank you! -- Coach Nicole

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    edited September 2020

    Hello All,

    Great news! We are currently working to implement this into Simplifi, although I do not have an ETA at this time. :smile:

    -Coach Natalie

  • Would be great to up the security since there is financial data & personal data for that matter (where someone shops, where they eat all the time, etc).
    Would suggest at the very least needing text codes. But also if people want to activate other levels of security, then using things like the yubikey and authenticator apps

  • hondo
    hondo Member
    I noticed it's been several months since there's been an update here about two-factor authentication. This is a primary concern for myself as well. At the very least, logging into the website version of Simplifi should have two-factor authentication via SMS texting. As much as I like Simplifi, it's worrisome to think it could be used as a roadmap for my financial data. Our Quicken accounts already have our phone numbers for SMS texting so it would seem this should have been available from launch.
  • root
    root Member
    Are there any plans to implement Time-based One-time Password (TOTP) support? It would help mitigate against SIM-jacking attacks that are very common and relatively easy to do these days.
  • cncb
    cncb Member
    Please add this.  I probably will not continue past the trial if this is not in place.
  • Please add 2 factor authentication as an option to the sign in/on process.
  • HidireTrain
    HidireTrain Member
    edited November 2021
    I just went to sign up for a free trial but noticed there isn't MFA. I will not use a budget app that does not have MFA. 
  • jondehen
    jondehen Member ✭✭
    Another vote for a MFA solution.  It's almost 2022 and MFA is top of all cybersecurity best practices.

    That being said, users should also be using a unique, impossible to guess password.  It doesn't help that Simplifi doesn't support multiple logins (spouses) for a single account which requires a shared password.  I'd pay more for my spouse to have their own login with MFA.
  • Also, please educate your support personnel on what MFA for login means. I spent quite a bit of time getting the runaround from the Simplifi support team before Googling and finding this post. I've sent the link to this post, now, twice, to those working on my ticket, and they do not seem to understand what I'm asking about.
  • markb
    markb Member
    Like others here I am also disappointed in what I see in this thread.

    I set up my Simplify account because of a forcing issue with the vendor I used previously, and picked Simplify because reviews indicated support for 2FA.  I was extremely disappointed to see that "2FA" here was just SMS messages, something that has been known to be inadequate and all too easily hijacked for a long time.

    And worse, it isn't like this was around before that. Instead, it was *added* to the product within the last year. How in the world did you pick this up as a feature to add in late 2020 and still decide to use an SMS implementation?

    Why is it that financial institutions consistently have the worst security implementations that lag so far behind on best practices?
  • Poptarts
    Poptarts Member
    edited March 8
    Yes, completely agree this app needs MFA. Would love to see this at the top of the priority list.