Post

46 followers Follow
32
Avatar

Two factor authentication

Hi,

I'd like to suggest that we get support for 2 factor authentication via e.g. Google Authenticator or Microsoft Authenticator.

This part of the security is an important part of limiting access through the human factor of security.

Jacob

Jacob Saaby Nielsen Planned

Official comment

Avatar

We now support two-factor authentication for new customers using Podio in a Citrix bundle: http://blog.podio.com/2017/03/20/security-features/ 

New customers (signing up from today) will have the ability to leverage ShareFile’s extensive security features and Single Sign-on to manage their employees on Podio.

All you need is a ShareFile account for your business (which will be helpful to back-up sensitive files) to keep track of employees and files. You can enable two-step verification, set specific password requirements or use the Single-Sign-on integration from a ShareFile Enterprise version and will automatically use the same features for Podio login.

This is a small step in the right direction and we hope to make two-factor authentication available for existing Podio customers as well in the future.

//Sara - Podio

Sara Høeg Højlund-Rasmussen

Please sign in to leave a comment.

60 comments

0
Avatar

Hey Jacob

Thanks for the input - also something we have on the list internally. Thanks for sharing

//Sara - Podio

Sara Høeg Højlund-Rasmussen 0 votes
2
Avatar

+1
what happend in the last one and a half year? Come on Podio... It's not that hard to implement there's a RFC for it.
It's a shame that for such a essential security feature there's no more feedback for OVER A YEAR :-(

Mose 2 votes
-2
Avatar

Hi Mose,

I'm afraid this is not on our immediate roadmap at this point. That said we have not forgotten about it and your votes on it are indeed heard. I will let you know here in this thread as soon as we have any news on it.

/Charlie - Podio

Charlie Lindstrom -2 votes
3
Avatar

It seems a bit irresponsible for a company like Podio - in this day in age - not to offer an extra layer of security.

Especially considering there are no proper log files and no way for an administrator to control unauthorized access to employees Podio accounts (by IP address limitations or other means).

As Podio a full circle kind of tool it would be obvious to use it for most work flows and processes in a company. Which also means quite sensitive information would be stored there.

I mean if Asana can do it through Forced Google sign-in, Basecamp through and Slack through most 3rd party SSO providers I am sure Podio should be to implement such a relative simple 2 step verification layer.

Google Authentication or SMS verification could be a place to start :)

Podio is an amazing tool - just not for managing sensitive information currently it seems.

Hope you'll solve this soon.

http://socialcustomer.com/2014/04/how-to-enable-two-factor-authentication-on-50-top-websites-including-facebook-twitter-and-others.html

NB: Above article was posted in April 2014, so companies listed might have improved security since then.

Kenneth Herschel 3 votes
2
Avatar

Podio, why haven't you yet realized how important 2FA has become, especially for a product like this???
This discussion was opened almost two years ago now, and STILLLLLLL nothing has been done about it????

Or am I seriously mistaken, and you have released some sort of announcement that 2FA is coming or already in the process of being integrated???

Either way, this really needs to be put into your feature road-map, like Yesterday!

Your customers have been, and ARE STILL, practically screaming and begging for it.

Thanks,

Alan Harrylal
Sr. Systems Engineer
Synergy Development Consulting.

Alan Harrylal 2 votes
2
Avatar

Podio's lack of two factor has put my company in s position to basically look at other options even though we just moved on to this platform over the course of 5 months. So now, yammer and SharePoint combo is under evaluation. I'm hoping that Podio corrects this before the move to those products happen otherwise this is just another example of Citrix grabbing a product and well... Not realizing its potential and watch it go by the waste side.

Unfortunately, more and more companies are like mine where security is not an option and something like this needs to be there. I think Podio is going to lose a lot of folks because of this. It's a shame because we have really grown to like the product and our customers do too. However the safety of their information is more important.

Frank M. Merino 2 votes
2
Avatar

2FA is crucial, and would hate to see PODIO go in my organization because the lack of 2FA. I have put in many hours learning PODIO to now see it go to for not. I believe we have a great collaboration tool here but without 2FA it will be removed from many organizations. Lets face it security has become a top priority.

Manny Del Val 2 votes
0
Avatar

Oliver Wray
Hi Alan, It is correct we do not have this on the current roadmap, however we have it on the list of possible additions - please add your vote to it here to help drive it forward: https://help.podio.com/hc/communities/public/questions/201035838-Two-factor-authentication?locale=en-us

Thanks for your feedback on this, we really appreciate it.

//Oliver - Podio

Hello Oliver,

Thanks for your reply to my recent post about Two Factor Authentication.

Oliver, I don't mean to sound crass, and I am definitely not the, "kill the messenger", type, but by your reply, which I am sure resonates within the confines of your Team, more so the developers, it appears that the criticality of implementing such a feature has not yet really hit home.

The fact that your product is used by companies to collaborate amongst themselves, as well as with other companies, or clients to vendors, and vice versa, means that there is more than likely very sensitive information being exchanged.

The days of using just a username and password to protect against data breeches, are quickly coming to an end.

With other services such as PayPal, eBay, Twitter, Google, Yammer, and EVEN Facebook (https://www.authy.com/tutorials/add-2-factor-authentication-facebook/) (and the list goes on), implementing Two Factor Authentication, should attest to why it shouldn't be simply "on a list of POSSIBLE additions."

A quick search on, <insert favorite search-engine here>, on the advantages of having Two Factor Authentication, and on the statistics showing how hackers are infiltrating company info faster and easier by using techniques such as phishing, brute force attacks, and even social engineering to bypass usernames and password protected sites, should serve as, for the very least, an eye-opener, and motivation for more serious internal discussions about incorporating such a feature as 2FA into your product.

I hope this harangue is met with the understanding that because Podio is such an awesome product for what it does, and because of the type of information that is exchanged and archived within the product's databases, as well as the demise of the sole use of a username+password combination to secure access to data, your users are going to demand this feature more and more.

As a matter of fact, it has been two years since a similar discussion was started on your community forum, and it appears that Podio hasn't taken this into consideration, short of "we may EVENTUALLY do it if we get 1 gazillion votes."

That won't work for the majority of users, and 2FA should be something that Podio puts into development sooner than later.

Oliver, I ask that you forward this email as high up as you can within your organization, in hopes that it comes before the eyes of the decision makers.

We need Two Factor Authentication in Podio.....yesterday.

Thank you kindly for your time,

Alan Harrylal
Sr. Systems Engineer
Synergy Development Consulting
www.synergyitfirm.com

Alan Harrylal 0 votes
2
Avatar

We're almost done with Podio, we're just finishing up with a project, and then we're gone. We're tired of trying to get them to listen to this commonsense request.

 

They'll learn sooner or later; by that time, it might be too late.

Alan Harrylal 2 votes
1
Avatar

Hi guys!

We hope to implement this within 2016, as we are working closer with ShareFile this year security improvements will be a big topic. As always, I cannot promise a specific timeframe but we have it on the list.

//Sara - Podio

Sara Høeg Højlund-Rasmussen 1 vote