Add 2-Factor Authentication/Multi-Factor Authentication to App [edited] (2 Merged Votes)

24

Comments

  • markb
    markb Member ✭✭
    This is related to the larger multi-factor authentication discussion, but is not a duplicate and shouldn't be merged.  The first and most critical issue (in my view) is supporting TOTP as that will be available to everyone and benefits all of your users.

    This is a separate request, which is to also support hardware security keys via U2F for MFA. Note that in order to avoid the same problem you have now with not being able to share an account this implementation will need to support multiple security keys.  (It should anyway, for users like me that have one key they use at home, and another one with NFC support for authentication with mobile apps).
  • Poptarts
    Poptarts Member ✭✭
    edited March 2022
    Yes, completely agree this app needs MFA. Would love to see this at the top of the priority list. 
  • Jo_Bots
    Jo_Bots Member
    agreed agreed totp not SMS based 2FA. Priority number 1. 
  • online financial products need to include multiple security options for users that include TOTP and hardware keys. Give users options that will meet their security desires.
  • I would like to request this too.  I'm honestly shocked that this wasn't there on day one given the day and age we're in.
  • kwimmer
    kwimmer Member ✭✭✭
    Considering the app cannot move money in your accounts and is only pulling transaction data I do not see this as a major need. Personally I am annoyed that I have to do MFA on some of my accounts just so Simplifi can even pull in my transactions. It is just one extra step that slows down my ability to quickly check where I am at in my budget. 

    That being said if someone can log into your Simplifi account and access any of your actual bank account information then that is a whole other security issue that falls on Simplifi and their back end, not the user facing side. 
  • As others have said already, the ability to use an app (such as the Google Authenticator or Microsoft Authenticator apps) for multi-factor authentication would be a significant and welcome improvement in Simplifi security. Please push this to the top of the priority list for expanded capabilities.
  • pst
    pst Member ✭✭✭
    Yes! Absolutely. Please support Security Keys too! And the ability to add more than one, in case your user loses their wallet.
  • Booksy
    Booksy Member
    edited January 2023
    Dear powers that be at Simplifi, 
    MFA (or even 2-factor authentication) is now standard practice and has been for years, especially in regard to anything that has a user's financial information. The smart consumer will not use your app until you have this. Add this and I, and numerous other consumers will be back. I'm even willing to pay a little more if you add MFA (say $40/year as opposed to the current fee of $36/year). How many of your users [see the many posts in this community here] calling for MFA does it take for you to heed them and make this change?

    I really wanted to use this application. I was really excited about it. I read a thorough review of this app in Wirecutter/the NYT which recommended Simplifi and YNAB (I'm a ex-user of YNAB. They went against their word and raised the yearly fee more than they had told their long-time users they would, so I quit YNAB).
    One reason Wirecutter (apparently mistakenly) recommended Simplifi was because the reviewer said it had MFA. The reviewer made it clear they could not recommend any budgeting app that did not have MFA, since that is a basic requirement to protect one's personal information. Since Simplifi does indeed not have MFA, I am ending my free trial.

    I was really excited about this app. I am extremely disappointed you don't offer the basic, consumer-safety practice of MFA. A cheap fee is no deal if one is sacrificing the protection of one's personal information. Good day and good luck to all who remain using Simplifi! [removed - disruptive]
  • Booksy
    Booksy Member
    I am referring to MFA as part of the log in process.
  • Flopbot
    Flopbot Superuser ✭✭✭✭✭
    @Booksy,

     Are you not challenged by 2FA when you log into Simplifi Desktop?  I have been occasionally - all the time recently? - since October 19th.  I’m not sure how mine got turned on.
    Chris
    Quicken Desktop user since 2014.
    New to Simplifi in 2021.
  • Flopbot
    Flopbot Superuser ✭✭✭✭✭
    @Booksy,

    One additional clarification.  You are talking about 2FA on a desktop (the Desktop App), correct?  Not the Mobile App.
    Chris
    Quicken Desktop user since 2014.
    New to Simplifi in 2021.
  • samH
    samH Member

    Simplifi team,

    What's the status on this? I just started using the app more seriously and I was terrified to find out there is no MFA for the app - and as everyone said, we prefer TOTP instead of just sending a text message.

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin

    Hello @samH,

    Thanks for reaching out!

    Sadly, there is no further update to provide on this request at this time. If you navigate to the very first post in this thread, you'll be able to see the status of the Idea, and a note stating that we are working on adding MFA to the Simplifi Mobile App. Once any new updates become available, we'll be sure to update the status accordingly, so please be sure to keep an eye out for any news.

    We appreciate everyone's continued patience!

    -Coach Natalie

  • Been a while since this thread had any updates and it'd be nice if that's because the issue was resolved. I'm a new user and cannot find a way to do this.

  • RobWilk
    RobWilk Superuser ✭✭✭✭✭

    @Mr. M If nothing else you bumping this post up caused it to get an extra vote (from me).. I've recently started using multifactor authentication more, typically with google authenticator, though in reality that's only as secure as my google password (authenticator is backed up to google's cloud).


    Rob Wilkens

  • Mike Circuitry
    Mike Circuitry Member
    edited September 2023

    [removed] It would also be great to at least require bio metrics (face Id, finger print) to access the app on mobile devices

  • Beltifi
    Beltifi Member ✭✭✭
    edited November 2023

    I didn't want to create another request. Is there any plan to add at least a timed Face ID or fingerprint to access the mobile account? I don't like the fact that if anyone has access to my phone, if they click on the app, they have access to all my financial information.

  • Just signed up and set up Simplifi today (coming from Mint) and was shocked to discover that after the initial login on the app during setup, absolutely no authentication is required to open this app which contains all my financial information, nor is there any option in the settings to enable it. Am I missing something here or is this just how it is?

    For reference, I had to login with 2FA just to browse these forums and leave this post, but not to use the app full of personal information?

  • RobWilk
    RobWilk Superuser ✭✭✭✭✭

    In general, if someone is concerned about security, they probably have a lock on their phone screen. If the app is accessible at all, that implies the phone has been unlocked, which implies the person accessing the app should always be the person locking the phone. It's silly to require additional biometrics on top of what was used to unlock the phone.


    Rob Wilkens

  • RobWilk
    RobWilk Superuser ✭✭✭✭✭
    edited November 2023

    @Beltifi I just turned on TouchID in Quicken Simplifi on my Android phone. The function is already there, it's on the menu on the top right of the home screen (the little person) and select "Passcode & Touch ID".


    Rob Wilkens

  • Beltifi
    Beltifi Member ✭✭✭

    You are correct! I just now see it. Honestly it wasn’t there before. That was very quick. Thank you. I enable it.

  • SMS and email OTP is not secure enough for a site like Simplifi. We need the ability to have 2FA / MFA through an authenticator app.

  • RobWilk
    RobWilk Superuser ✭✭✭✭✭
    edited November 2023

    This exists with existing votes here.. the coments on the post talk about authenticator apps specifically. Please consider adding your vote.

    [removed link to merged thread]


    Rob Wilkens

  • It seems insane to have a banking app that doesnt itself support 2fac authentication on login..

    To clarify, talking about Simplifi itself, not bank connections. I'm very concerned that login for Simplifi on the web or in-app is user and pass only with no option MFA.

  • How is 2FA still not available? the antiquated level of security with email/text passcodes that are too easily compromsed. How is 2FA with a passcode still not a thing?