[Feature] Two factor authentication

Lucky_Spec · 21 October 2020 14:41

The most logical place that I see MFA being applied is at login.

I agree that having to go through MFA each login is not a great user experience.

In that sense, why not maintain an authenticated session, let’s say 30 mins, where you have to login with MFA at beginning and for next 30 mins you won’t need to go through MFA again?

As @OJFord said, the customers may not always know what’s the best, hence why decisions such as those related to security should be enforced by the service and not left up to the users.

hookedinvesting · 21 October 2020 14:45

Personally I’d hate that.

First login on a new device would be okay, as long as I didn’t have to do it every time my IP changes.

OJFord · 21 October 2020 15:05

When provisioning a new device.

‘Something you have and something you know’ - once provisioned the device is ‘something you have’ and the (already present) passcode is ‘something you know’.

DrPigeon · 14 February 2021 09:01

Security should be a priority no matter what imo.
If your customers are putting thousands onto a platform, it just makes sense have MFA.

I’ve put MFA onto platforms with no monetary value and would argue this should just be standard already.