2 Factor Authentication Option
Add an option to use 2 factor authentication to login to make using Tailwind more secure.
-
Official comment
Thanks Eric. This feature request has been captured.
Scott
Hi Sam,
On iPhones we added the ability to use Face ID at least as a starting point. So you can actually stay logged into the app and it requires Face ID to launch the app. If you are on Android we didn't implement it there yet.
The 2FA login wasn't something we got a lot of requests for so we didn't go further than Face ID with it for now.
-
Scott thanks for the note. But 2 factor is not the same as a convenience option for login. I was hoping you would make it more secure seeing as how it provides access to people's homes. Jon hit it right on the head. If someone got your password they could log into the app on their phone and they would be able to open and close your garage door. If 2 factor is not an option maybe an integration with a service like Google which would essentially implement 2 factor. For example in order to log into my Google account on a new device it performs 2 factor auth because I turned that on for my account. Seems like this is somewhat of an industry standard now.
-
We've been discussing this. Due to the fact that we have customers in more than 30 countries, using SMS for 2FA isn't a viable option for us. So we are thinking of allowing users to turn on 2FA in the app. When they turn on 2FA they will be asked to provide a PIN code and answer 2 security questions.
Then any future logins would require the PIN code as well as the password.
If you forget the PIN code you can answer one of the security questions to reset the PIN code.
Would this be acceptable?
-
There are 3 generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options.
We are also thinking Password + Fingerprint or Face recognition required to login to the mobile app if 2FA is enabled.
Scott
-
Scott,
The second PIN is not 2FA because it is just two things you know. An email confirming you are logging into a new device, or some other sort of 2FA would be best. FaceID is not true two factor. For example, on one phone I could use my face, and the person who steals my account would just need their face to get in on their phone. Seeing as how FaceID is not centrally stored, it does not necessarily ensure that it is MY face. What FaceID on your phone tells you is that the person who knows the password has this face. It is more for follow-up logins on that device.
Email is really the cheapest version of two factor, and it works in all countries.
Sam
-
The 2FA time-based token app generating systems are my vote. Flexible enough that they can be used by any app the user prefers and slightly stronger than email as the 2FA method, as it's a separate method from an already associated account, and if the email is compromised, so is the password reset process. Email is a good second option and acceptable, but I agree with the others, SMS isn't a good option at all for 2FA anymore.
-
cowardlyginger please email me at scottr@gotailwind.com so we can connect on this.
-
I did reach out to Scott about this last year and provided some general advice, but I haven't seen any clear progress. Wirecutter's article on smart garage door controls says Tailwind supports 2FA/MFA, but as far as I can tell that's not accurate:
-
Unfortunately no progress. We had some changes on our development team, which slowed down productivity. Then both Apple and Android dropped bombs on us that had severe impacts on the auto-open and close features. Short answer - all focus for the past 6+ months has been on fixing things that Android and iOS keep breaking with their updates.