When do you plan to support two-factor authentication / 2FA / TFA for accounts?
This is a practically costless feature for you to add. If you use something like TOTP (Google Authenticator compatible), there are no SMS / email costs to you to implement it. TOTP is open and there are numerous open-source libraries to make this easy (like https://bitbucket.org/devinmartin/otp-sharp/src/default/). And your clients probably already have Google Authenticator installed, so it's not like it will need a lot of explaining.
Email notifications for account logins (and where from) would also be a great and inexpensive addition.
Any timeline for these practically essential security features would be appreciated.