Two-factor authentication for Admins
one of the things I've mentioned that is a concern for us is the compromising of our member lists.Is there any wish list item for TWO FACTOR authentication for Admins?we'd be willing to have a bit more effort to login if we could get a text sent to our smart phone with a second passcode...thanksPhil
Scott Jordheim commented
Hoping this gets implemented soon.
Albert Park commented
Wow, just went to turn on 2FA for admins ... and there isn't any. This is a deal breaker for our organisation as the risk is too great. Time to move to an alternative offering that takes online security seriously.
Lincoln Phipps commented
This is getting to be a critical gap. Been on WA for past year but I have been avoiding adding our member data to WA and have been using it as a glorified website but we now want to move to using payments.
Given we now pay 60 bucks a month at the very least expect the admin interface to use a 2FA so reducing the risk of someone or something harvesting our member data, or worse, changing payment details.
It cant be that hard to wrap the admin pages in something like Twilio authy or some other mechanism - there are a huge number of solutions.
Why isnt this being done?
ACFE-GTA Chapter Admin commented
2FA through either an app like AUTHY or a SMS message seems to be a basic requirement today given the level of cybercime that exists. The amount of member information on the site requires this level of access control at a minimum.
2 factor authentication should be for ALL especially when confidential data (BDay, SSN, credit card, etc) information is in the database. This is NOT just an admin requirement.
Two factor authentication for admins, please. Supporting U2F would be ideal, app-based one-time passwords would be okay, SMS would be better than nothing.
T J Zsemba commented
This feature is past due for a cloud-based solution like WA.
Seriously. How is this not available yet, Wild Apricot? I'd love to see support for U2F keys, but I'd take Google Authenticator codes. Having nothing is just not acceptable.
is 2fa not available yet?
Christoph Fischer commented
I absolutely agree!
A 2F Authentication would be a major upgrade and would help calm the voices of concern from the BOD and members of our organization alike!
Lynn McDermott commented
2 Factor authentication, password is definitely not enough for login security.
Warren Marshall commented
This is something that should also be an option to setup for members. Can we please get an update on what is happening with this wishlist
Jack Scown commented
2 Factor authentication for admins is a must. In my profession, we use this for all cloud admins to access management portals of O365, AWS, Azure, etc. Please move this forward ASAP.
Yes, I agree with everyone. We need 2-step verification ASAP.
Our board is questioning the security issues (we recently held a Cyber security issue, which brought our own system to question) with our database on Wild Apricot which currently does not have this. Or even "sign on from a new computer" feature would definitely help while the 2-step verification is in the works.
Otherwise, the board is going to look for new service providers who offers 2-step verification up on login.
Anything that improves the security to administrator access. Having just a password leaves the site very vulnerable to hacking. Please implement stronger security as soon as possible. I am very worried about being hacked and details of my members being accessed.
WildApricot solutions that we all use carry lots of personal data, and protecting this data should be a top priority for administrators. I believe that our users expect us to protect their data and we should also do all we can to prevent unauthorised access to it. With all the hacking of databases going on, we are vulnerable with only username and password. Two step authentication cannot come quick enough.
AGREED! After large scale data breaches at large cloud service providers, adding two-step authentication has been a reactionary step (think: Dropbox, Apple/iCloud).
Two-step authentication should be a standard offering to protect our data.
SMS and Google Authenticator options would be great.
Dmitry Buterin commented
Now there is a wish list item for two-factor :-)