Two factor authentication

GargaGarga Big grinsPosts: 64Registered Users Big grins
edited July 8, 2015 in SmugMug Feature Requests
Has not enough sites/users been hacked and compromised to make Two factor authentication a top priority?

Adobe.. that Heartbleed ssl thingo.. Now LastPass just days ago.
LastPass stating while a strong master password was absolute paramount, the saving grace for users is having 2FA enabled on their vaults.

This is the only comments from SmugMug that I can find regarding 2FA/MFA.

Apr 2014
Yes, we do love us some MFA here at Smuggy HQ. Thanks for the suggestion!

Sep 2014
Hi there, we know it’s been a while since this post went out and we totally understand how MFA would help you sleep better at night. It’s on our road map although we can’t give ETAs on when new features can be launched, I’m sorry to say. Still, it always means so much to us that you let us know which features you’re waiting for the most.

If you haven’t already, would you cast your vote for it on our official feedback forum? This helps us sort through feature requests:


Ok then, so please give this SM feedback I created back in December some love! :lust
(There's an older one called 2 Step Verification, which is actually slightly different to 2-Factor)
:help
http://feedback.smugmug.com/forums/17723-smugmug/suggestions/6842702-two-factor-authentication-2fa-or-mfa

Comments

  • leftquarkleftquark SmugMug Product Team Posts: 3,638Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee
    edited June 22, 2015
    We always want SmugMug to be and remain a safe and secure home for your photos and we actively work to ensure that this is the case. For example, recently we released Private Sharing, which enables you to give access to specific users to view your photos. MFA is another logical step in ensuring your photos remain safe and it's something we'd like to add at some point in the future. We've already started to lay the building blocks to make this happen. We'll update the Feedback Forums to keep you informed.
    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • denisegoldbergdenisegoldberg Major grins North Andover, MAPosts: 12,472Super Moderators moderator
    edited June 23, 2015
    leftquark wrote: »
    We always want SmugMug to be and remain a safe and secure home for your photos and we actively work to ensure that this is the case.
    I would love to see multi-factor authentication for my smug account.

    I have to say that I was saved by the current monitoring of my account recently; I received an email from smug saying that someone in another country had tried multiple times to log into my account along with backup information as to where. I immediately changed the login to my account.

    --- Denise
  • GargaGarga Big grins Posts: 64Registered Users Big grins
    edited July 8, 2015
    leftquark wrote: »
    We always want SmugMug to be and remain a safe and secure home for your photos and we actively work to ensure that this is the case. For example, recently we released Private Sharing, which enables you to give access to specific users to view your photos. MFA is another logical step in ensuring your photos remain safe and it's something we'd like to add at some point in the future. We've already started to lay the building blocks to make this happen. We'll update the Feedback Forums to keep you informed.

    Awesome thanks for your reply.

    Hope we see this soon!
  • colourboxcolourbox Major grins Posts: 2,095Registered Users Major grins

    Just chiming in on this thread because last night, I went through a number of my more business-critical accounts (Wordpress, Twitter, domain host, etc.) and got all of their MFA codes automated through the MFA support in my password manager (instead of Authy which I was using before). So now I have additional security, in a way that is automated and nearly friction-free, on both desktop and mobile.

    But I was surprised to find that the one business-critical login I have that does not support MFA is Smugmug, and the previous update to this thread was four years ago.

  • GargaGarga Big grins Posts: 64Registered Users Big grins

    Yeah, ridiculous.

    I certainly don't go crazy and activate 2FA everywhere possible (still using a different password for every site obviously) but just on sites that matter. SmugMug is one of those sites.

    I know there needs to be a balance between security and usability. Good password managers make this pretty painless now though.

Sign In or Register to comment.