Add 2-Factor Authentication/Multi-Factor Authentication to App [edited] (2 Merged Votes)

Options
TGP
TGP Member ✭✭✭✭
edited November 2021 in Feature Requests
Since this app has everything to do with finance, I believe the use of multi-factor authentication is a must, please prioritize to help protect financial info, thanks!
Tagged:
278 votes

In Review · Last Updated

This Idea is currently under way for the Simplifi Mobile App and is still being considered for the Simplifi Web App.

«134

Comments

  • TGP
    TGP Member ✭✭✭✭
    Options
    Still as an end user, I need to be challenged to be able to log into my own account.
  • RickR
    RickR Member ✭✭
    Options
    That would definitely be a nice option to have in the app as an extra security layer, probably something you can turn on/off if needed!
  • Coach Paco
    Coach Paco Moderator admin
    Options

    @TGP that's a great suggestion!

  • Coach Paco, regarding the multi-factor authentication on the "mobile app", I am having a problem. I am using the android app on a motorola g6 phone. I receive pop up that my bank needs to confirm my identity and gives me the option to email or text the verification. when I chose one or the other and press the VERIFY button, I received the code from my bank, but the app does not allow me to input the code. I have to go to my browser on my computer to update my account. Thanks Tim

  • Coach Paco
    Coach Paco Moderator admin
    Options

    @tgraves2b@yahoo.com I appreciate you bring that to our attention. I'm going to test this out so I can get this submitted for us!

  • simplij
    simplij Member ✭✭✭✭
    Options

    New here, so please forgive if this is the wrong place for this. I've been playing with the product for a couple of weeks now. Really nice and look forward to seeing it evolve. But the lack of 2FA is problematic. If nothing else, in 2020 a finance web site, even one that is 'view only', really has to support 2FA. It gives just that much more confidence to add in all my accounts. Keep in mind that some fraud begins with learning who to target. Even just being able to see this data could put someone at risk. 2FA really needs to be something added sooner versus later.

  • Coach Tappan
    Coach Tappan Retired Coach ✭✭✭✭
    Options

    @simplij This is certainly the right place for your comment. Several of our early users have requested better multifactor authentication functions in Simplifi, beyond the ones that are offered when you're first setting up an account. So far, the majority have asked for the ability to turn MFA on or off for individual accounts. There are currently administrative options to enable 2FA for an individual user, but since it turns it on for all functions, including login, and can't be turned off by the user, our support team is looking for ways to make it more selective. When we hear back from them, we'll post an update here to let you know how we plan to handle this. Thanks for your suggestion!

  • simplij
    simplij Member ✭✭✭✭
    Options

    As we read over and over, SMS based 2FA is ‘lacking’. I’d really like to see OTP support! Thanks!

  • Coach Tappan
    Coach Tappan Retired Coach ✭✭✭✭
    Options

    I agree. My personal preference would be a toggle that would set an individual account to always request a one-time passcode via text on login, or turn that option off if I'm okay with just username and password authentication. We appreciate your comments.

  • simplij
    simplij Member ✭✭✭✭
    Options

    Just to make sure we're talking about the same thing, I'm referring to logging in to Simplifi, and not about specific linked accounts.

  • Coach Tappan
    Coach Tappan Retired Coach ✭✭✭✭
    Options

    @simplij I understand. You'd like to exchange an OTP with Simplifi every time you log, in for extra security. I know this is important to a lot of users, and we definitely want to find the best way to make that option available to you.

  • iberamen
    iberamen Member
    Options

    I agree, this is definitely important. Not only SMS MFA but OTP using apps like Google Authenticator or Authy would be great.

  • simplij
    simplij Member ✭✭✭✭
    Options

    Thanks!

  • simplij
    simplij Member ✭✭✭✭
    Options

    Exactly!

    @iberamen said:
    OTP using apps like Google Authenticator or Authy would be great.

  • steveb
    steveb Member
    Options

    As it uses Quicken / Intuit's login, I'm surprised it doesnt also incorporate their 2FA.

  • timmyc123
    timmyc123 Member ✭✭✭✭
    edited January 2022
    Options

    I guess this is more a request for the Quicken people as we use a Quicken account for logging into Simplifi.

    Please add support for WebAuthn for both passwordless login and second factor. It is completely unacceptable to only offer legacy, non-attested, non-scoped MFA for a finance platform in 2020. It is incredibly easy to implement WebAuthn at this point.

    Happy to discuss WebAuthn with the product team privately if needed.

  • this is actually ridiculous. Mint, Clarity (by Marcus), YNAB, etc. all have it.

  • TGP
    TGP Member ✭✭✭✭
    Options

    Has any progress been made on this? I can not believe that we actually have to ask for this security feature.

  • Coach Nicole
    Coach Nicole Administrator, Moderator admin
    Options

    Hi all,

    We appreciate your feedback and patience while we work to get this feature enabled. At this time, we don't have an ETA. However, as soon as we have any new updates, we'll be sure to post on this thread.

    Thank you! -- Coach Nicole

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    edited September 2020
    Options

    Hello All,

    Great news! We are currently working to implement this into Simplifi, although I do not have an ETA at this time. :smile:

    -Coach Natalie

  • adizzlefoto
    Options
    Would be great to up the security since there is financial data & personal data for that matter (where someone shops, where they eat all the time, etc).
    Would suggest at the very least needing text codes. But also if people want to activate other levels of security, then using things like the yubikey and authenticator apps

  • hondo
    hondo Member
    Options
    I noticed it's been several months since there's been an update here about two-factor authentication. This is a primary concern for myself as well. At the very least, logging into the website version of Simplifi should have two-factor authentication via SMS texting. As much as I like Simplifi, it's worrisome to think it could be used as a roadmap for my financial data. Our Quicken accounts already have our phone numbers for SMS texting so it would seem this should have been available from launch.
  • cncb
    cncb Member ✭✭
    Options
    Please add this.  I probably will not continue past the trial if this is not in place.
  • cbconine
    Options
    Please add 2 factor authentication as an option to the sign in/on process.
  • HidireTrain
    HidireTrain Member
    edited November 2021
    Options
    I just went to sign up for a free trial but noticed there isn't MFA. I will not use a budget app that does not have MFA. 
  • crankymick
    Options
    Also, please educate your support personnel on what MFA for login means. I spent quite a bit of time getting the runaround from the Simplifi support team before Googling and finding this post. I've sent the link to this post, now, twice, to those working on my ticket, and they do not seem to understand what I'm asking about.
  • markb
    markb Member ✭✭
    Options
    Like others here I am also disappointed in what I see in this thread.

    I set up my Simplify account because of a forcing issue with the vendor I used previously, and picked Simplify because reviews indicated support for 2FA.  I was extremely disappointed to see that "2FA" here was just SMS messages, something that has been known to be inadequate and all too easily hijacked for a long time.

    And worse, it isn't like this was around before that. Instead, it was *added* to the product within the last year. How in the world did you pick this up as a feature to add in late 2020 and still decide to use an SMS implementation?

    Why is it that financial institutions consistently have the worst security implementations that lag so far behind on best practices?