Request for Two Factor Authentication / 2FA / TFA
When do you plan to support two factor authentication / 2FA / TFA for accounts?
Considering that Cookiebot allows for the direct injection of CSS / JavaScript onto a website, this really is concerning. For example, if an account was compromised, an attacker could use a custom dialog to inject ads, viruses, or steal information, possibly without the account owner even noticing! This should be a very important security feature. Most similar sites implement something like this.
This is a practically costless feature for you to add. If you use something like TOTP (Google Authenticator compatible), there are no SMS / email costs to you to implement it. TOTP is open and there are numerous open source libraries to make this easy (like https://bitbucket.org/devinmartin/otp-sharp/src/default/). And your clients probably already have Google Authenticator installed, so it's not like it will need a lot of explaining.
Email notifications for account logins (and where from) would also be a great and inexpensive addition.
Any timeline for these practically essential security features would be appreciated.
Thanks!
I second Chris' idea - any additional layer of security is icing on the cake from my POV as a DPO.
This request is three years old now... any update on this?