Add 2-Factor Authentication/Multi-Factor Authentication to App [edited] (2 Merged Votes)


Comments

  • Adele F Member

    It is absurd to me that an application that has all of a person's financial information in it would not provide MFA. The web application needs it more than the desktop application as the web is much more accessible than an application on my desktop. I just subscribed to this service today and am very seriously considering canceling my subscription due to this major hole in security. Please get this addressed ASAP.

  • RobWilk Superuser ✭✭✭✭✭

    @Adele F For the web app, I'm prompted for text-message-code verification the first time I sign in on a new computer (or after clearing cookies) to the best of my knowledge. That is MFA for the web app. Some people would prefer Google Authenticator verification, but that is slightly less secure than Text Message verification because it's backed up to Google and anyone with access to your Google account (including, likely, Google employees who may be able to reset your password or otherwise access it) can get those codes.


    Rob Wilkens

  • 5impl5abi Member ✭✭

    Clarification: "Google Authenticator" 2-step verification (2SV) is used synonymously with one-time passcode (OTP) authentication (learn more https://en.m.wikipedia.org/wiki/One-time_password ).

    Google's Authenticator is an easily recognized OTP app, but many, many apps support OTP. To be clear, OTP is more secure than SMS because it's not subject to SIM swapping and account takeover attacks ( https://en.m.wikipedia.org/wiki/SIM_swap_scam ).

    REQUEST: Quicken should support Username, Password, + OTP as a default option in 2024, especially since you aggregate, store, and process our financial information.

  • Please deploy OTP Multi-factor (Google Authenticator, Authy, etc.) as soon as possible. Quicken's existing multi-factor methods (SMS, phone, or email) are readily compromised. This is a finance app after all. Quicken is not following NIST best practices and this puts Quicken customer information at risk of being stolen.

  • Even Quicken's Chatbot AI correctly summarized that this state of affairs is "insane" — see attached! Please fix!

  • +1 for this feature.

  • beans Member
    edited April 30

    Rocket Money supports MFA [removed - accuracy]. Maybe you guys can copy paste their like 3 lines of code to support this PLEASE. FOR THE LOVE OF GOD. SMS sucks as a second factor.

  • ajbopp Member ✭✭✭✭
    edited April 30

    It's not the same parent company, as far as I can tell. I'm pretty sure Rocket is from Intuit. Quicken is from...Quicken.

    Also, it's not three lines of code. It's hundreds. Plus extensive database changes. Plus hundreds of hours of testing. It's a big, big deal. Not that I don't support this change, but SMS doesn't suck so much that it warrants prioritizing this over, say, watchlist projection accuracy.

    Anthony Bopp
    Simplifi User Since July 2022
    Money talks. But all my paycheck ever says is goodbye

  • DG1993 Member
    edited May 15

    Any update on this feature request?

  • RobWilk Superuser ✭✭✭✭✭

    Not only is it not there yet, but on new logins (*cleared cookies) it's no longer doing text message verification as it was.


    Rob Wilkens

  • kash80 Member

    I tried with a different browser and it did ask for a text message.

  • RiversideKid Member ✭✭

    I use 1Password, which is a HUGE convenience as I only need one password for all of my financials. The app keeps a really strong password and my 2FA challenge for most financial sites. I know there is some security built into the Simplifi by Quicken app, but I would feel more comfortable if Simplifi used passkeys with an app-generated multi-factor authentication.

    I sign in from multiple computers, often computers that were just built as I am a PC Tech. I am RARELY asked for anything except the username and password. (I also clean my pc with a script every time I close the browser so that the computer looks fresh each time I open a browser.) I would hate to think that Simplifi will allow login from any computer just because my history indicates that I often sign in from computers that have no history.

    Quicken for Windows user since 1994 (After MYM for DOS)
    Simplifi by Quicken since 2023

  • Can we please get an update or a time-frame on when MFA will be implemented into Simplifi? The fact that anything tied to financial data does NOT have MFA is astonishing. Considering this thread started in 2019 and it is now 2024 with no ETA on a core security function to protect customer data does not make me feel comfortable.

  • Mountain Man Member

    I realize that Simplifi is the new kid on the block. But please add more security; just an SMS/text PIN code is not enough. Can we include MFA via Google Authenticator or Microsoft auth, etc.? Also, an email PIN as an option would be great too.
    Also, if you had an option to send an email notification or even an SMS whenever we log in, to let us know that so-and-so from somewhere just logged in, that would be great. Since all our financial data is centralized in one place, as you can see, it makes sense to be a little freaked out ;)

  • madmoondog Member ✭✭

    Would be nice to see an update on this considering security should be number 1 on the list of things an app like this embraces.

  • kash80 Member

    My SO and I share the login and having 2FA with SMS sucks as one is dependent on the other person being around. Having MFA using an authenticator app is a no-brainer. It would be great if the app team can provide an update on this.

  • CR Fort Nine Member

    It's 2024 and even the most innocuous platforms support TOTP 2FA. Even the US Government supports 2FA with Login.gov and ID.me.

    In honor of cybersecurity awareness month, please consider adding support for TOTP 2FA authenticators. SMS & email OTPs are not very secure for compromised devices/networks (for example SS7 hacking). Thank you!

  • SRC54 Member ✭✭✭✭

    I don't want it frankly. It is already enough for me that I have to reply to a text message whenever I download the app again. But it's ok with me as long as we can turn it off.

    Steve
    Quicken Simplifi (Safari & iOS) Since 2021
    Quicken Classic (MacOS) Since 2009
    Microsoft Money (Windows) 1991-2009
    Dollars & Cents (DOS) 1987-1991

  • pst Member ✭✭✭

    As Simplifi starts asking to review the app on a grade of 0 to 10 via a popup, I suggest you all factor in the fact that - for an app that aggregates all your personal finances - SMS 2FA is absolutely not enough. I voted on my satisfaction accordingly.

  • Humanleg86 Member ✭✭

    3 years later….Still nothing.

  • Humanleg86 Member ✭✭

    Guessing this is why so many banking institutions are blocking Simplifi…

  • @Humanleg86 I'd agree except in 2024 most financial institutions are still using SMS and email 2FA if they have anything at all. Really disappointed in the financial sector's stance on security. 🤦‍♂️