Add 2-Factor Authentication/Multi-Factor Authentication to App [edited] (2 Merged Votes)
Comments
-
Agreed. MFA is a must. Security minded folks would also want to ensure that data at rest on Quicken servers is also fully encrypted and not accessible to Quicken employees or contracted agents.7
-
Still as an end user, I need to be challenged to be able to log into my own account.1
-
That would definitely be a nice option to have in the app as an extra security layer, probably something you can turn on/off if needed!1
-
@TGP that's a great suggestion!
1 -
Coach Paco, regarding the multi-factor authentication on the "mobile app", I am having a problem. I am using the android app on a motorola g6 phone. I receive pop up that my bank needs to confirm my identity and gives me the option to email or text the verification. when I chose one or the other and press the VERIFY button, I received the code from my bank, but the app does not allow me to input the code. I have to go to my browser on my computer to update my account. Thanks Tim
0 -
@tgraves2b@yahoo.com I appreciate you bring that to our attention. I'm going to test this out so I can get this submitted for us!
1 -
New here, so please forgive if this is the wrong place for this. I've been playing with the product for a couple of weeks now. Really nice and look forward to seeing it evolve. But the lack of 2FA is problematic. If nothing else, in 2020 a finance web site, even one that is 'view only', really has to support 2FA. It gives just that much more confidence to add in all my accounts. Keep in mind that some fraud begins with learning who to target. Even just being able to see this data could put someone at risk. 2FA really needs to be something added sooner versus later.
2 -
@simplij This is certainly the right place for your comment. Several of our early users have requested better multifactor authentication functions in Simplifi, beyond the ones that are offered when you're first setting up an account. So far, the majority have asked for the ability to turn MFA on or off for individual accounts. There are currently administrative options to enable 2FA for an individual user, but since it turns it on for all functions, including login, and can't be turned off by the user, our support team is looking for ways to make it more selective. When we hear back from them, we'll post an update here to let you know how we plan to handle this. Thanks for your suggestion!
1 -
As we read over and over, SMS based 2FA is ‘lacking’. I’d really like to see OTP support! Thanks!
0 -
I agree. My personal preference would be a toggle that would set an individual account to always request a one-time passcode via text on login, or turn that option off if I'm okay with just username and password authentication. We appreciate your comments.
1 -
Just to make sure we're talking about the same thing, I'm referring to logging in to Simplifi, and not about specific linked accounts.
2 -
@simplij I understand. You'd like to exchange an OTP with Simplifi every time you log, in for extra security. I know this is important to a lot of users, and we definitely want to find the best way to make that option available to you.
2 -
I agree, this is definitely important. Not only SMS MFA but OTP using apps like Google Authenticator or Authy would be great.
1 -
Thanks!
0 -
As it uses Quicken / Intuit's login, I'm surprised it doesnt also incorporate their 2FA.
1 -
I guess this is more a request for the Quicken people as we use a Quicken account for logging into Simplifi.
Please add support for WebAuthn for both passwordless login and second factor. It is completely unacceptable to only offer legacy, non-attested, non-scoped MFA for a finance platform in 2020. It is incredibly easy to implement WebAuthn at this point.
Happy to discuss WebAuthn with the product team privately if needed.
1 -
this is actually ridiculous. Mint, Clarity (by Marcus), YNAB, etc. all have it.
1 -
Has any progress been made on this? I can not believe that we actually have to ask for this security feature.
1 -
Hi all,
We appreciate your feedback and patience while we work to get this feature enabled. At this time, we don't have an ETA. However, as soon as we have any new updates, we'll be sure to post on this thread.
Thank you! -- Coach Nicole
0 -
Hello All,
Great news! We are currently working to implement this into Simplifi, although I do not have an ETA at this time.
-Coach Natalie
4 -
Would be great to up the security since there is financial data & personal data for that matter (where someone shops, where they eat all the time, etc).
Would suggest at the very least needing text codes. But also if people want to activate other levels of security, then using things like the yubikey and authenticator apps
2 -
I noticed it's been several months since there's been an update here about two-factor authentication. This is a primary concern for myself as well. At the very least, logging into the website version of Simplifi should have two-factor authentication via SMS texting. As much as I like Simplifi, it's worrisome to think it could be used as a roadmap for my financial data. Our Quicken accounts already have our phone numbers for SMS texting so it would seem this should have been available from launch.1
-
Are there any plans to implement Time-based One-time Password (TOTP) support? It would help mitigate against SIM-jacking attacks that are very common and relatively easy to do these days.5
-
Please add this. I probably will not continue past the trial if this is not in place.1
-
Please add 2 factor authentication as an option to the sign in/on process.
2 -
I just went to sign up for a free trial but noticed there isn't MFA. I will not use a budget app that does not have MFA.4
-
Another vote for a MFA solution. It's almost 2022 and MFA is top of all cybersecurity best practices.
That being said, users should also be using a unique, impossible to guess password. It doesn't help that Simplifi doesn't support multiple logins (spouses) for a single account which requires a shared password. I'd pay more for my spouse to have their own login with MFA.5 -
Also, please educate your support personnel on what MFA for login means. I spent quite a bit of time getting the runaround from the Simplifi support team before Googling and finding this post. I've sent the link to this post, now, twice, to those working on my ticket, and they do not seem to understand what I'm asking about.
2 -
Like others here I am also disappointed in what I see in this thread.
I set up my Simplify account because of a forcing issue with the vendor I used previously, and picked Simplify because reviews indicated support for 2FA. I was extremely disappointed to see that "2FA" here was just SMS messages, something that has been known to be inadequate and all too easily hijacked for a long time.
And worse, it isn't like this was around before that. Instead, it was *added* to the product within the last year. How in the world did you pick this up as a feature to add in late 2020 and still decide to use an SMS implementation?
Why is it that financial institutions consistently have the worst security implementations that lag so far behind on best practices?
2
