Add 2-Factor Authentication/Multi-Factor Authentication to App [edited] (2 Merged Votes)

13

Comments

  • jresman
    jresman Member

    It would be awesome if you could support multi-factor authentication for your Quicken account. Preferably Google Authenticator or the like.

  • RobWilk
    RobWilk Superuser ✭✭✭✭✭
    edited November 2023

    Rather than starting with 1-vote, consider voting on the existing idea here (scroll to top of page 1):

    [removed link to merged thread]


    Rob Wilkens

  • RobWilk
    RobWilk Superuser ✭✭✭✭✭

    Google authenticator, though, is only as secure as your google password, since it's backed up to google's servers (they may have access to your codes). I use it, too, though because it's an extra "layer" of security.


    Rob Wilkens

  • jresman
    jresman Member

    Thanks I just found that page! I can close this one.

  • J.Shwa
    J.Shwa Member

    I'm a Mint customer transfer and am surprised that Simplifii doesn't have MFA. This is a MUST-HAVE
    Upvoting this request with both thumbs!!

  • kollock
    kollock Member

    Man, came here looking for a feature request to disable 2FA on the web. It's a read only platform. At least having 2FA be optional would be nice.

  • daddiowen
    daddiowen Member

    MUST-HAVE for authentication on Simplifi. Please implement sooner than later. Someone remarked that it's a read-only platform, but there are lazy individuals who leave passwords lying around on desks or in drawers. I doubt these folks would want someone looking at their financial information, especially transactions and balances.

  • Pumpin Nickels
    Pumpin Nickels Member

    Now that some MFA has been implemented, I'd like to follow-on to request using a dedicated Authenticator app or similar. The problem with using email or phone/SMS for MFA arises when the bad guy compromises your email or SIM swaps your phone to start receiving those codes. Dedicated apps like Authenticator (Google, Microsoft, others have their own) require their own MFA to login, like biometric unlock.

    tl;dr thanks for SOME MFA, but now please let me use an Authenticator app as well.

  • Pumpin Nickels
    Pumpin Nickels Member
    https://community.simplifimoney.com/discussion/comment/20683#Comment_20683

    This is false. Like most major platforms, Google uses myriad data points to validate you are you when accessing Google stuff. Password alone does not grant access, especially if the device you're using has updated or otherwise changed. Microsoft, Apple, every financial institution, etc. Authenticator apps from any major tech institution remain the most secure MFA methods.

  • Brian23
    Brian23 Member ✭✭

    Wait, when did SMS MFA get added?

  • Pumpin Nickels
    Pumpin Nickels Member
    https://community.simplifimoney.com/discussion/comment/21491#Comment_21491

    Must have been recent! I've only been a customer for a few days, a Mint refugee.

    Regardless, I'll stop hovering after this final point because I was confused as well: Google's Authenticator app codes used to be stored on your device for top security. They are now stored in your Google account because losing your phone used to mean losing all access to Authenticator/OTP-secured apps. The important point here is you can't manually retrieve or interact with these codes, no human can, by design. Similar to a password safe, only the Google Authenticator app can retrieve the critically-private 'seed' value these codes are generated from using its secret, upside-down, backwards handshake.

    This does create a threat vector since your data is being copied remotely in exchange for the anti-lockout convenience. Some super smart APT could theoretically reverse engineer the Authenticator app, deploy it to 1+ victim phones, and harvest. IMO that's vastly more effort than email compromise or SIM-swapping though, so if we're talking money vs effort, they'll do the latter.

    If I've learned anything from cybersecurity: Being a more annoying target than the next person on the harvested credentials list is what saves you. Also freeze your credit. <3

  • shawnt
    shawnt Member

    Being able to use a 2FA app and not just a text code would be very nice.

  • Brian23
    Brian23 Member ✭✭

    I'm still not prompted for SMS 2FA, even when trying incognito.

  • Bobbysox
    Bobbysox Member

    Agreed and added a +1 vote.

    Would like to see options for an authenticator app (Authy, Google Authenticator, etc) as well as security keys to secure this data both on mobile and in the webapp.

  • kash80
    kash80 Member

    +1 vote for authenticator app based 2FA. My wife and I used mint before and used Authy. Now, I need to be around if she needs to login.

  • jacobg
    jacobg Member

    Yes, please add 2FA TOTP support, e.g., Google Authenticator. Everyone knows SMS is not secure, i.e., SIM swapping, etc.

  • Rock Beauty
    Rock Beauty Member

    How does one upvote a feature request? Is it a comment alone?

  • whyme
    whyme Member

    Yes, add MFA

  • jesstifer
    jesstifer Member

    Recent emigre from Mint. Shocking that even after a restart on desktop Mac, all my financial just pops up when I launch the site. Not even a simple password request, much less MFA. I'm not a security freak, but I find it disconcerting to say the least.

  • RBSimplify
    RBSimplify Member

    Security loop hole , being so many accounts information there is no MFA to enable for logins as in this current security cybersecurity world, mfa is minimum so we can feel safe

  • B. Smith
    B. Smith Member

    I believe two-factor authentication should be a high priority for the app since it contains my financial details, including account information for my bank accounts, CC, etc. PLEASE add this soon!

  • TryingSimplifi
    TryingSimplifi Member

    Agreed!!!!! It needs to connect to an authenticator app at the very least. I would like the option to need to use a security key to access it.

  • Marky D
    Marky D Member

    This thread started in 2019. It is now 2024. A paid for service like Simplifi should have MFA.

  • gepacct4
    gepacct4 Member

    Moving over from Mint (Intuit Product). Don't you guys talk to each other. Mint had 2FA and also had an interface for Citi Cards. Get with the program, please.

  • ajbopp
    ajbopp Member ✭✭✭✭

    FYI, Quicken and Quicken-Simplifi are not Intuit products.

    Anthony Bopp
    Simplifi User Since July 2022
    Money talks. But all my paycheck ever says is goodbye

  • UrsulaA
    UrsulaA Superuser ✭✭✭✭
    edited February 5

    The mobile app has some MFA options. Your request already exists vote for it below. The more votes, the more likely your request will be considered.

    [removed link to merged thread]

    Simplifi User Since Nov 2023

    Minter 2014-2023

    Questionable Excel before 2014 to present

  • Marky D
    Marky D Member

    What exactly is there to vote for here?! Do we want our money and credentials safe? YES. Why this is not a top priority within Quicken is troubling.

  • johneee
    johneee Member
    edited February 27

    Bumping this! MFA is imperative for financial apps. RSA is literally on the way out the door with the advent of quantum computing. This company is putting all of our financial data at risk by not implementing ASAP.

    How was the last post on this in 2022. I will not renew my subscription if this is not remedied.

  • DBJordan
    DBJordan Member

    New user here, just signed up. First thing I did was look in the security settings to enable OATH TOTP, but… could only find SMS. I agree, it's rather disappointing.

  • rhayle
    rhayle Member

    Simplifi DOES have MFA. I'm seeing a lot of misinformation here. What I would like to see is TOTP support instead of SMS-based MFA, which is inherently insecure. Either the description of this issue should be updated, or it should be closed as complete.

Categories