I wonder why Prismic has no support for two-factor authentication, except SSO in the much more expensive Platinum+ plan. Any SaaS vendor should have two-factor available by default for any plan (imo).
The risks are high: Hackers can make nasty changes to a website when they get their hands on a username + password. E.g., man-in-the-middle attacks where a hacker links to a ghost website and copies a login page.
Two-factor/SSO should not feature your pricing plan to let people upgrade. Mailchimp gives even a discount when you activate two-factor.
Hello @joost1, welcome to the community.
The product team has been discussing the possibility of adding 2FA, and we’re planning to add it at some point in the future. However, it’s not on our immediate roadmap, so I can’t share an ETA.
At the moment, as you said before, 2FA is only available through SSO login that we can activate on Enterprise plans.
This is a very important feature for us as well, do you have any idea how far away this feature is?
Thanks for joining the conversation @schalk.bower.
We have no news at the moment.
Is there any news on this? Is there a channel where we can follow this topic?
Hey @kry, for the moment what you can do is create an account using GitHub's SSO
@Pau why is it not possible to see which users use Github SSO? What is the status for 2-factor support after a year?
My two cents: well know security concern, every system which could be publicly accessed by a pirate must be protected by MFA. No question about given current times
Thanks for the feedback @cptflammin.
@joost1 we don't have any news at the moment. You can get updates about all the features that we're working on on our progress page: What's new - Prismic
Hi, what's the status here?
Not having 2FA is far from today's best practices.
And having been warned repeatedly about this (see above) and not acting on it, I believe now exposes you to a certain amount of legal responsibility should people's accounts be hacked due to lacking 2FA...
For the time being, two-factor auth is only available through SSO login that we can activate on Enterprise plans.
But you can always use the GitHub SSO signup option if you aren't an Enterprise client.