Notehub is an important part of our infrastructure and we’d like to make sure that access to our account is protect with MFA. Is that possible currently?
If not, consider this a feature request.
Thanks!
Notehub is an important part of our infrastructure and we’d like to make sure that access to our account is protect with MFA. Is that possible currently?
If not, consider this a feature request.
Thanks!
This is a very reasonable request and thank you for asking.
While it’s not currently possible, it is planned during the second half of 2024.
Do you have a preference for using a third party app (which one?) or for receiving a code via SMS?
Jim
Thanks, Jim - glad I didn’t just miss the setting somewhere. And very happy to hear that it’s on the roadmap.
I personally prefer time-based one-time passwords (RFC 6238) and use 1Password or Bitwarden to store / generate those one-time codes. That would be sufficient for our use case.
SMS is ok, but I think has more risks associated with.
FIDO2 / WebAuthn is also great, but we don’t currently use that.
For our application, SMS for multi-factor authentication is preferred (as universally available), but personally I think more than one option should be made available or configurable. My 2 cents…
Thank you both for the feedback.
I agree SMS is a little less secure though it’s also easier for many people.
I suspect we will give folks a choice of options including SMS and a password App like 1Password, Google Authenticator, Authy, or etc. And perhaps hardware tokens eventually.