Two factor authentication
Completed
Hi,
I'd like to suggest that we get support for 2 factor authentication via e.g. Google Authenticator or Microsoft Authenticator.
This part of the security is an important part of limiting access through the human factor of security.
Jacob
-
We can add that functionality now with Greytower Identity www.greytoweridentity.com and its actually mutlifactor.
-
Podio is based in Denmark, Denmark is part of the EU, EU is implementing GDPR and Podio seems to be ignoring the significant impact the lack of 2FA will have on businesses ability add 2FA as a key component of their GDPR policy - https://www.linkedin.com/pulse/use-multi-factor-authentication-comply-gdpr-angela-clark/
Most business podio implementations contain client personal data. Can someone from Podio reply to this post stream and advise us on how they intend on helping us to improve the login security or in fact explain why Podio have not yet implemented 2FA which is considered a standard in any other global SaaS solution?
-
Hi Sara,
I echo the comments above. In a world of apps offering this offer the self with a variety of options to enable 2fa it seems very antiquated and pushy for sales of a partner product to have something that should be embedded in your values, keeping our data safe.
Over the past 2 years we've created over 50 new clients for you and while we are busy teaching best practice for security including physical keys, the irony for us is that our most precious data is the only one without a robust solution.
It would be so great to hear from you that you're not far off implementing a solution and not just pushing the existing one that is a poor offering compared to every one of your competition.
Podio rocks, we just need this to sleep at night please.
Thank you Sara.
-
Dear Sara Høeg Højlund-Rasmussen...
Any update on this? It would be great to have plain and simple 2FA that does not rely on Sharefile, being a new customer, Google accounts or anything other than a) your Podio credentials and b) an authenticator app. It can't be *that* hard to implement can it? Like 5+ years hard? It seems a little complacent at a time when organisations place such a high premium of security.
Any news on this?
-
Oliver Wray
Hi Alan, It is correct we do not have this on the current roadmap, however we have it on the list of possible additions - please add your vote to it here to help drive it forward: https://help.podio.com/hc/communities/public/questions/201035838-Two-factor-authentication?locale=en-usThanks for your feedback on this, we really appreciate it.
//Oliver - Podio
Hello Oliver,
Thanks for your reply to my recent post about Two Factor Authentication.
Oliver, I don't mean to sound crass, and I am definitely not the, "kill the messenger", type, but by your reply, which I am sure resonates within the confines of your Team, more so the developers, it appears that the criticality of implementing such a feature has not yet really hit home.
The fact that your product is used by companies to collaborate amongst themselves, as well as with other companies, or clients to vendors, and vice versa, means that there is more than likely very sensitive information being exchanged.
The days of using just a username and password to protect against data breeches, are quickly coming to an end.
With other services such as PayPal, eBay, Twitter, Google, Yammer, and EVEN Facebook (https://www.authy.com/tutorials/add-2-factor-authentication-facebook/) (and the list goes on), implementing Two Factor Authentication, should attest to why it shouldn't be simply "on a list of POSSIBLE additions."
A quick search on, <insert favorite search-engine here>, on the advantages of having Two Factor Authentication, and on the statistics showing how hackers are infiltrating company info faster and easier by using techniques such as phishing, brute force attacks, and even social engineering to bypass usernames and password protected sites, should serve as, for the very least, an eye-opener, and motivation for more serious internal discussions about incorporating such a feature as 2FA into your product.
I hope this harangue is met with the understanding that because Podio is such an awesome product for what it does, and because of the type of information that is exchanged and archived within the product's databases, as well as the demise of the sole use of a username+password combination to secure access to data, your users are going to demand this feature more and more.
As a matter of fact, it has been two years since a similar discussion was started on your community forum, and it appears that Podio hasn't taken this into consideration, short of "we may EVENTUALLY do it if we get 1 gazillion votes."
That won't work for the majority of users, and 2FA should be something that Podio puts into development sooner than later.
Oliver, I ask that you forward this email as high up as you can within your organization, in hopes that it comes before the eyes of the decision makers.
We need Two Factor Authentication in Podio.....yesterday.
Thank you kindly for your time,
Alan Harrylal
Sr. Systems Engineer
Synergy Development Consulting
www.synergyitfirm.com -
We now support two-factor authentication for new customers using Podio in a Citrix bundle: http://blog.podio.com/2017/03/20/security-features/
New customers (signing up from today) will have the ability to leverage ShareFile’s extensive security features and Single Sign-on to manage their employees on Podio.
All you need is a ShareFile account for your business (which will be helpful to back-up sensitive files) to keep track of employees and files. You can enable two-step verification, set specific password requirements or use the Single-Sign-on integration from a ShareFile Enterprise version and will automatically use the same features for Podio login.
This is a small step in the right direction and we hope to make two-factor authentication available for existing Podio customers as well in the future.
//Sara - Podio
-
+1 from me too please. Can I just say that creating a company policy the tells staff to use their google authentication is not a 2FA solution. If the Organisation Settings had an option to force this then it would be. Without forcing all our Podio users login to use google 2FA then there is still the single layer logins and password out there. Any smart hacker would not use the Google 2FA login would they . . . they would go for the single layer which . . . we cannot disable.
-
With more and more companies using Podio for an entire company solution, and the costs fo running the software has grown considerably, I'm disappointed that this is not yet in place.
Is this going to be implemented anytime soon? Because if not I need to find a new solution for certain businesses and potentially my own. Thank you.
-
Hi Isrial,
We now support two-factor authentication for customers using Podio in a Citrix bundle: http://blog.podio.com/2017/03/20/security-features/
New customers (signing up from 2017) will have the ability to leverage ShareFile’s extensive security features and Single Sign-on to manage their employees on Podio. You can enable two-step verification, set specific password requirements or use the Single-Sign-on integration from a ShareFile Enterprise version and will automatically use the same features for Podio login.
If you are interested to move to this version, this partner extension can help you copy data to a new organisation, which will support two-factor authentication.
//Sara - Podio
-
Yep have to jump in and echo above comments because of Podio's poor form on 2FA for existing users. Really shocked after 7 years Podio have totally dropped the ball on this one. All comments, related items etc on every item are crucial so some risky duplication with a sharefile account is not what I'm willing to consider. Please advise where Podio is up to on 2FA?
Please sign in to leave a comment.
Comments
65 comments