nsdadmin Posted February 9, 2016 Posted February 9, 2016 This is not 2FA... it's bothering you with an email to login to your account. Two-Factor requires any two of these: Something you know (your username & password, check) Something you have (a software/hardware code generator, a Yubikey) Something you are (fingerprint, etc.) Bio-metrics are far from perfect, and usually avoided in these situations - I'm just amazed you went through the effort to implement this "2 factor send you an email" when it's simple to implement the time-based solution that is used by Google and others. I've been waiting for a long time for you to add 2FA - and to have it implemented like this is insulting; I feel like you made a half-hearted attempt to placate me (and others that want 2FA). Do it right, folks. Please. lyoder and Dilbert 2
Staff Chris Posted February 9, 2016 Staff Posted February 9, 2016 Hi, Thank you for your feedback. Pulseway currently only supports sending OTP via email at this moment, we have plans for adding support for Google Authenticator in the future too. This is a feature that is very functional and it does add another layer of security. Chris cmiller and Dilbert 2
VirtualPanther Posted February 23, 2017 Posted February 23, 2017 Over a year has gone by. Any news on bringing 2FA up to industry standard? Email verification isn't 2FA...
Administrators Paul Posted February 23, 2017 Administrators Posted February 23, 2017 Hi, We actually have this scheduled for the end of Q1 beginning of Q2 so we can say that this is definitely coming. -Paul
ComputerConsulting Posted February 23, 2017 Posted February 23, 2017 8 hours ago, Paul said: Hi, We actually have this scheduled for the end of Q1 beginning of Q2 so we can say that this is definitely coming. -Paul If it is coming, you should also put in there the ability to turn off the timeout for authenticated browsers. There is nothing more time wasting than your so called 2FA when you have to constantly login again and again. What's worse? Having to get a code via email each time.
Administrators Paul Posted February 24, 2017 Administrators Posted February 24, 2017 We will not be removing the timeout on the webapp for security purposes. We are considering on implementing a way to gradually slow down the refresh timer to a point where it stops and asks if you're still around but not logging you out only after a couple of hours. -Paul
ComputerConsulting Posted February 27, 2017 Posted February 27, 2017 On 2/24/2017 at 11:29 PM, Paul said: We will not be removing the timeout on the webapp for security purposes. We are considering on implementing a way to gradually slow down the refresh timer to a point where it stops and asks if you're still around but not logging you out only after a couple of hours. -Paul As it stands now, it's off after 15 minutes or so. I won't use 2FA because this, as it is a royal pain. I should have the ability to set the timeout. I know whether my computers are secure or not. At the moment, you are making that decision for me, but your wrong.
VirtualPanther Posted March 1, 2017 Posted March 1, 2017 On 2/23/2017 at 6:43 AM, Paul said: Hi, We actually have this scheduled for the end of Q1 beginning of Q2 so we can say that this is definitely coming. -Paul Thanks for the update, Paul. I frequently access my account in a location with poor connectivity for my iPhone - cellular or Wi-Fi. Desktop PCs, which are hardwired, work fine. As such, using an authenticator app, of which there are many options, would greatly minimize the headache. My personal choice is Authy, since it enables backup and sync across devices.
Martin_T Posted April 15, 2017 Posted April 15, 2017 On 24/02/2017 at 4:29 PM, Paul said: We will not be removing the timeout on the webapp for security purposes. We are considering on implementing a way to gradually slow down the refresh timer to a point where it stops and asks if you're still around but not logging you out only after a couple of hours. -Paul If the timeout isn't being removed from the webapp, what's the point of this setting (attached) within the RMM? The PSA has an adjustable timeout which arguably will have more sensitive information regarding clients held within.
Administrators Paul Posted April 20, 2017 Administrators Posted April 20, 2017 On 4/15/2017 at 10:29 AM, Martin_T said: If the timeout isn't being removed from the webapp, what's the point of this setting (attached) within the RMM? The PSA has an adjustable timeout which arguably will have more sensitive information regarding clients held within. That setting allows you to specify what the timeout you want it to be (within reasonable limits). You will notice that it doesn't allow you to exceed a certain limit. -Paul
ComputerConsulting Posted April 21, 2017 Posted April 21, 2017 It's still not available to us and it should be.
Martin_T Posted April 21, 2017 Posted April 21, 2017 19 hours ago, Paul said: That setting allows you to specify what the timeout you want it to be (within reasonable limits). You will notice that it doesn't allow you to exceed a certain limit. -Paul That's fine but this limit is 120 minutes (2 hours) but still expires after 10/15 mins.
Administrators Paul Posted April 24, 2017 Administrators Posted April 24, 2017 On 4/21/2017 at 2:46 PM, Martin_T said: That's fine but this limit is 120 minutes (2 hours) but still expires after 10/15 mins. That's odd. Can you try again from an incognito browser? It's possible that it's just browser cache. -Paul
VirtualPanther Posted March 3, 2019 Posted March 3, 2019 On 2/23/2017 at 6:43 AM, Paul said: Hi, We actually have this scheduled for the end of Q1 beginning of Q2 so we can say that this is definitely coming. -Paul Paul, Proper 2FA was "definitely coming" since 2016. You last updated us on its roadmap in 2017. Two years went by. No change whatsoever. Any updates?
Administrators Paul Posted March 15, 2019 Administrators Posted March 15, 2019 Hi there, We were forced to push it due to other features / issues that were more pressing. Here's our current roadmap: -Paul
cmiller Posted April 22, 2019 Posted April 22, 2019 Would love to have 2FA via google authenticator. David 1
Staff Chris Posted April 24, 2019 Staff Posted April 24, 2019 Hi @cmiller, We are actually working on the 2FA functionality, therefore it will be available into the near future.
SamIam Posted June 26, 2019 Posted June 26, 2019 I too am concerned this has not been implemented. This is considered industry standard for proper security around cloud accessible systems. Google 2FA is available on many 'lesser' systems I use and should be on something as important and powerful as an RMM. Please set this as one of the higher priorities in your development plan.
Administrators Paul Posted June 26, 2019 Administrators Posted June 26, 2019 Hey everyone, I'm excited to announce that we are working on Push-based and OTP-based 2FA as we speak. This is going to be super-awesome ! -Paul David and Tommy 2
UTS Brian Posted July 22, 2019 Posted July 22, 2019 Any timeline on implementation... and please don't say "Coming Soon" "near future" or any variation of that because it is obvious at this point the definition of that term to Pulseway varies widely from the rest of the worlds.
Administrators Paul Posted July 22, 2019 Administrators Posted July 22, 2019 This 2FA update is coming out in the first week of August. Wohoo ! -Paul
Kyle Posted August 3, 2019 Posted August 3, 2019 It is now September. What is the realistic ETA? This is why it should be the TOP priority for development! https://www.crn.com/news/channel-programs/continuum-msp-partner-hit-credentials-stolen-to-deploy-ransomware-to-several-end-customers Two different MSPs, two different RMM tools. Is Pulseway next? I sure as heck hope not. Especially since the agents have to authenticate with MY password! I suppose that in itself of a breach entry point.
Administrators Paul Posted August 4, 2019 Administrators Posted August 4, 2019 Hey Kyle, 2FA with support for Mobile App authentication, TOTP and backup codes is coming out in the week that comes. We've pushed it a bit because we wanted to make sure that everything is bug-free and working smoothly from the get-go. PS: We're still in August -Paul
Kyle Posted August 4, 2019 Posted August 4, 2019 5 hours ago, Paul said: Hey Kyle, 2FA with support for Mobile App authentication, TOTP and backup codes is coming out in the week that comes. We've pushed it a bit because we wanted to make sure that everything is bug-free and working smoothly from the get-go. PS: We're still in August -Paul That's great to hear. My bad on the Sep comment. Will it use authy or google authenticator or something else?
Administrators Paul Posted August 5, 2019 Administrators Posted August 5, 2019 It will have three authentication methods: Mobile App (Pulseway) where you will see a push notification or when you open the app you will be prompted to approve the authentication request Time-based One Time Passcode (TOTP) will work with Google Authenticator, Authy, 1Password, LastPass, etc Backup codes (hopefully you won't ever need them) You must select one of the first two options (you can have everything enabled too), backup codes will always be enabled if you have 2FA on. -Paul
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now