Two factor authentication
Completed
Hi,
I'd like to suggest that we get support for 2 factor authentication via e.g. Google Authenticator or Microsoft Authenticator.
This part of the security is an important part of limiting access through the human factor of security.
Jacob
-
Hi Sara, 2016 has passed, it's been 3 years since your customers have started to ask for this feature, and there is still no 2FA available for Podio. Could you share your dev team's rationale that puts Two-Factor-Authentication at the bottom of their backlog while pretty much everyone else and their grandmother have implemented this crucial security feature?
-
We now support two-factor authentication for new customers using Podio in a Citrix bundle: http://blog.podio.com/2017/03/20/security-features/
New customers (signing up from today) will have the ability to leverage ShareFile’s extensive security features and Single Sign-on to manage their employees on Podio.
All you need is a ShareFile account for your business (which will be helpful to back-up sensitive files) to keep track of employees and files. You can enable two-step verification, set specific password requirements or use the Single-Sign-on integration from a ShareFile Enterprise version and will automatically use the same features for Podio login.
This is a small step in the right direction and we hope to make two-factor authentication available for existing Podio customers as well in the future.
//Sara - Podio
-
+1 from me too please. Can I just say that creating a company policy the tells staff to use their google authentication is not a 2FA solution. If the Organisation Settings had an option to force this then it would be. Without forcing all our Podio users login to use google 2FA then there is still the single layer logins and password out there. Any smart hacker would not use the Google 2FA login would they . . . they would go for the single layer which . . . we cannot disable.
-
With more and more companies using Podio for an entire company solution, and the costs fo running the software has grown considerably, I'm disappointed that this is not yet in place.
Is this going to be implemented anytime soon? Because if not I need to find a new solution for certain businesses and potentially my own. Thank you.
-
Podio is based in Denmark, Denmark is part of the EU, EU is implementing GDPR and Podio seems to be ignoring the significant impact the lack of 2FA will have on businesses ability add 2FA as a key component of their GDPR policy - https://www.linkedin.com/pulse/use-multi-factor-authentication-comply-gdpr-angela-clark/
Most business podio implementations contain client personal data. Can someone from Podio reply to this post stream and advise us on how they intend on helping us to improve the login security or in fact explain why Podio have not yet implemented 2FA which is considered a standard in any other global SaaS solution?
-
Hi Isrial,
We now support two-factor authentication for customers using Podio in a Citrix bundle: http://blog.podio.com/2017/03/20/security-features/
New customers (signing up from 2017) will have the ability to leverage ShareFile’s extensive security features and Single Sign-on to manage their employees on Podio. You can enable two-step verification, set specific password requirements or use the Single-Sign-on integration from a ShareFile Enterprise version and will automatically use the same features for Podio login.
If you are interested to move to this version, this partner extension can help you copy data to a new organisation, which will support two-factor authentication.
//Sara - Podio
-
Sara, the "feature" you describe is not a solution for the thousands of businesses who have existing accounts. Copy everything to a new organization to enable 2FA? Why does Podio need years to implement 2FA, and then does it in a way that requires people to use Citrix or ShareFile and on top of that set up a new organization? I didn't sign up for ShareFile -- I have been paying a good chunk of money every month for years in order to use Podio, and I don't see why we have to deal with third parties in order to get a feature that every other major service in the world has been offering for a long time. What is this? An attempt to sell Citrix or ShareFile products to us?
-
Seriously -- to get this amazing enhanced security feature that Citrix, "a global IT security provider" that is "100% dedicated to keeping your data secure" is offering to us, we need to pipe all data of our organization through some third party provider's servers in order to copy it back to Podio? Seriously?
-
Hi Sara,
I echo the comments above. In a world of apps offering this offer the self with a variety of options to enable 2fa it seems very antiquated and pushy for sales of a partner product to have something that should be embedded in your values, keeping our data safe.
Over the past 2 years we've created over 50 new clients for you and while we are busy teaching best practice for security including physical keys, the irony for us is that our most precious data is the only one without a robust solution.
It would be so great to hear from you that you're not far off implementing a solution and not just pushing the existing one that is a poor offering compared to every one of your competition.
Podio rocks, we just need this to sleep at night please.
Thank you Sara.
-
Hello,
I just wanted to provide a "thread bump" here and see if any progress had been made. Our firm has been able to implement MFA for all of our software products now...except Podio. We do use ShareFile, but unfortunately we created our workspaces prior to the new "ShareFile MFA" feature, and migrating the huge amount of sensitive data, along with all of the comments, tasks, etc. is simply not feasible, and is not something that can safely be outsourced to a 3rd party.
I suppose my confusion lies within the fact the Globiflow already has a fairly robust SMS messaging system in place...it seems like you could take this infrastructure to create a MFA tool without a whole lot more work.
Ultimately, I guess it would be helpful to get *some* idea if/when MFA will be enabled for accounts that were created prior to the Podio-ShareFile MFA integration. If it's never going to happen, at least let us know, so I can bite the bullet and simply begin to migrate our old workspace data into the new "ShareFile compatible" account...but I really don't want to do this, only to have MFA for older accounts suddenly come online a couple of months after we've incurred the time / expense of migrating our data into the more secure arrangement.
Podio has absolutely changed the way our company runs, and aside from the MFA issue, I only have incredibly positive things to say about this software. I've referred a number of colleagues and clients to this platform, so it breaks my heart that we may have to consider other options in order to comply with industry standards and best practices. Please don't let this happen!!!!
-
Dear Sara Høeg Højlund-Rasmussen...
Any update on this? It would be great to have plain and simple 2FA that does not rely on Sharefile, being a new customer, Google accounts or anything other than a) your Podio credentials and b) an authenticator app. It can't be *that* hard to implement can it? Like 5+ years hard? It seems a little complacent at a time when organisations place such a high premium of security.
Any news on this?
-
Yep have to jump in and echo above comments because of Podio's poor form on 2FA for existing users. Really shocked after 7 years Podio have totally dropped the ball on this one. All comments, related items etc on every item are crucial so some risky duplication with a sharefile account is not what I'm willing to consider. Please advise where Podio is up to on 2FA?
Please sign in to leave a comment.
Comments
65 comments