Add 2-Factor Authentication/Multi-Factor Authentication to App [edited] (2 Merged Votes)


Comments

  • Please deploy OTP Multi-factor (Google Authenticator, Authy, etc.) as soon as possible. Quicken's existing multi-factor methods (SMS, phone, or email) are readily compromised. This is a finance app after all. Quicken is not following NIST best practices and this puts Quicken customer information at risk of being stolen.

  • +1 for this feature.

  • beans
    beans Member
    edited April 2024

    Rocket Money supports MFA [removed - accuracy]. Maybe you guys can copy paste their like 3 lines of code to support this PLEASE. FOR THE LOVE OF GOD. SMS sucks as a second factor.

  • ajbopp
    ajbopp Member ✭✭✭✭
    edited April 2024

    It's not the same parent company, as far as I can tell. I'm pretty sure Rocket is from Intuit. Quicken is from...Quicken.

    Also, it's not three lines of code. It's hundreds. Plus extensive database changes. Plus hundreds of hours of testing. It's a big, big deal. Not that I don't support this change, but SMS doesn't suck so much that it warrants prioritizing this over, say, watchlist projection accuracy.

    Anthony Bopp
    Simplifi User Since July 2022
    Money talks. But all my paycheck ever says is goodbye

  • DG1993
    DG1993 Member
    edited May 2024

    Any update on this feature request?

  • RobWilk
    RobWilk Superuser ✭✭✭✭✭

    Not only is it not there yet, but on new logins (*cleared cookies) it's no longer doing text message verification as it was.


    Rob Wilkens - RobWilkens.com

  • kash80
    kash80 Member ✭✭

    I tried with a different browser and it did ask for text message.

  • RiversideKid
    RiversideKid Member ✭✭✭

    I use 1Password, which is a HUGE convenience as I only need one password for all of my financials. The app keeps a really strong password and my 2FA challenge for most financial sites. I know there is some security built into the Simplifi by Quicken app, but I would feel more comfortable if Simplifi used passkeys with an app-generated multi-factor authentication.

    I sign in from multiple computers, often computers that were just built as I am a PC Tech. I am RARELY asked for anything except the username and password. (I also clean my PC with a script every time I close the browser so that the computer looks fresh each time I open a browser.) I would hate to think that Simplifi will allow login from any computer just because my history indicates that I often sign in from computers that have no history.

    Lotus 1-2-3 (1984-1988)
    MYM (Managing Your Money by Andrew Tobias) for DOS (1988-1994)
    Quicken for Windows user since (1994-2024) (Still wanting to IMPORT!)
    Simplifi by Quicken since (2023-Today)

  • Can we please get an update or a time-frame on when MFA will be implemented into Simplifi? The fact that anything tied to financial data does NOT have MFA is astonishing. Considering this thread started in 2019 and it is now 2024 with no ETA on a core security function to protect customer data does not make me feel comfortable.

  • Mountain Man
    Mountain Man Member ✭✭

    I realize that Simplifi is the new kid on the block. But please add more security; just an SMS/TEXT PIN code is not enough. Can we include MFA with Google Authenticator or Microsoft auth, etc.? Also, an email PIN as an option would be great too.
    Also, if you had an option to send an email notification or even an SMS whenever we log in to let us know that so-and-so from somewhere just logged in, that would be great. Since all our financial data is centralized in one place, as you can see, it makes sense to be a little freaked out ;)

  • madmoondog
    madmoondog Member ✭✭

    Would be nice to see an update on this considering security should be number 1 on the list of things an app like this embraces.

  • kash80
    kash80 Member ✭✭

    My SO and I share the login and having 2FA with SMS sucks as one is dependent on the other person being around. Having MFA using an authenticator app is a no-brainer. It would be great if the app team can provide an update on this.

  • SRC54
    SRC54 Superuser ✭✭✭✭✭

    I don't want it frankly. It is already enough for me that I have to reply to a text message whenever I download the app again. But it's ok with me as long as we can turn it off.

    Steve
    Quicken Simplifi (Safari & iOS) Since 2021
    Quicken Classic (MacOS) Since 2009
    MS Money (1991-2009) and Dollars & Sense (1987-1991)

  • pst
    pst Member ✭✭✭

    As Simplifi starts asking to review the app on a grade of 0 to 10 via a popup, I suggest you all factor in the fact that - for an app that aggregates all your personal finances - SMS 2FA is absolutely not enough. I voted on my satisfaction accordingly.

  • CR Fort Nine
    CR Fort Nine Member ✭✭

    @Humanleg86 I'd agree except in 2024 most financial institutions are still using SMS and email 2FA if they have anything at all. Really disappointed in the financial sector's stance on security. 🤦‍♂️

  • kash80
    kash80 Member ✭✭

    I work for a financial product company that deals with banking data. Our clients started requesting us to support 2FA even though none of our product services are exposed to the open internet. We started building it and are able to deploy it within 3 months supporting many forms of MFA, and we are a small company. A company as big as Quicken should have been able to implement this feature by now. I have constantly argued with product owners who prioritize new features over security improvements as there's no ROI on the latter, until the crap hits the fan.

  • 1280x720
    1280x720 Member
    edited April 16

    2025 and we still don't have this in a financial information app? This is crazy.

  • Glennms
    Glennms Member

    PLEASE ADD AUTHENTICATOR MFA TO THE APP!

  • I am new to Quicken as it was highly recommended. I started to set up my information but found that Quicken only offers antiquated 2FA using email, SMS and phone calls. These are susceptible to hacking and SIM swapping. Since these vulnerabilities are well known and since the information we are uploading is highly personal, I was expecting to see OTP 2FA (I use Microsoft Authenticator and Google Authenticator) and I was also expecting to see software and hardware passkeys offered (I use YubiKey).

    I don't understand why the more secure 2FA methods are not offered as they have been around for a long time.

    I see many comments on this subject here in the community and it looks like Quicken is not interested in protecting their customers' data.

    I am not interested in using the older methods and though Quicken is an amazing product, I am seriously considering cancelling my account.

  • pst
    pst Member ✭✭✭

    It would be good to learn from Coaches or whoever has ownership of Simplifi why this is not on the roadmap. Are there technical blockers? Or is it that they think SMS is fine?

  • KP_9
    KP_9 Member ✭✭✭✭

    Quicken team,

    For years, companies and consumers have been warned by NIST, CISA, the FBI, and other trusted entities that SMS-based MFA is weak - NIST removed it as a recommended method 9 years ago. Authenticator apps generating revolving tokens are better (still not foolproof), while new methods like FIDO passkeys are the recommended path forward.

    Financial institutions in the US are increasingly being required to implement stronger MFA requirements than the old SMS method by evolving regulations (GLBA Safeguards rule, NYDFS Part 500, etc.) and Quicken should be aligning to these practices even if it's not technically a covered entity under the regs; Simplifi holds our sensitive financial data, and now, with your new A2A feature that enables the actual movement of funds, it's imperative you are keeping pace with modern cybersecurity best practices like phishing-resistant MFA.

    Short term, please add support for Authenticator App-based OTP MFA instead of SMS and then fast-follow with passkey support. A product that involves connections into users' banking & investment institutions needs to follow MFA best practices, period. Continuing to offer us only a known-weak MFA solution that's been warned against for nearly a decade sends a bad signal to your customer base about Quicken's priorities in protecting our data.

  • There absolutely needs to be a secondary verification appliance built into the login system.

    I do not feel safe even having my bank information here, let alone my retirement and investment accounts without it. It might be that I should use YNAB instead.

    +infinity votes to add MFA to the login.

  • pr@dk
    pr@dk Member

    How is this acceptable for a finance app not to have proper MFA support in 2025? It's a big mistake switching to your app. It worked initially and got an SMS at least, and for any new logins from a different workstation or a different phone, it's not forcing MFA at all. Speaking with support hasn't been productive either and they are just saying they are aware and working on a resolution. Please fix MFA first and add app-based MFA instead of SMS.

  • Dognose
    Dognose Member ✭✭✭

    Another month ticked by without this issue being addressed. The strange part to me is that Quicken wants users to use this product for Account to Account (A2A) transfers.

    Some people are comfortable with SMS I suppose.

  • colearseneault3
    colearseneault3 Member
    edited October 9

    Simplifi Personal, Simplifi Business and Personal, and Quicken LifeHub rely solely on SMS, phone calls, and email codes for verification. This security model might have worked back when “multi-factor authentication” and “cloud computing” were still buzzwords, but those days are long gone.

    Since NIST (2017), CISA (2022), and the FFIEC (2021) all formally recognized SMS, PSTN, and email codes as “restricted” or phishable, every major standard-setting body has warned against relying on them for high-risk systems. These outdated methods are unsafe for products that connect to or store sensitive personal and financial data since they remain vulnerable to SIM-swaps, call interception, social engineering, and phishing.

    This is especially alarming for LifeHub, which is marketed as a secure storage platform for personal IDs, insurance policies, powers of attorney, tax returns, and more; where a single email breach could expose everything in that vault.

    Nearly every direct competitor has moved beyond SMS/Calls/Email-only authentication, including personal finance, accounting, and password management platforms. Quicken remains one of the few major financial platforms that has not implemented modern, phishing-resistant MFA.

    This concern has been raised repeatedly over several years, yet I still cannot find a clear roadmap or implementation timeline. Without phishing-resistant MFA (Passkeys, Hardware Security Keys, or at least App-Based Authenticators - TOTP), users remain exposed to attacks that no encryption can stop. Several colleagues of mine in the accounting and financial professions have advised clients to transition to platforms that adhere to current industry security standards and actively prioritize user protection (Industry Standard MFA/Access Controls).

    Can you provide an update on the development timeline for implementing these baseline security protocols across Simplifi and LifeHub platforms? Would love to continue using both the Simplifi Business and Personal and LifeHub platforms!

  • New user here also requesting a more secure OTP MFA authentication solution. Email/SMS MFA is inadequate. Thanks.