Two-factor authentication

joost1 · January 12, 2022, 6:57pm

I wonder why Prismic has no support for two-factor authentication, except SSO in the much more expensive Platinum+ plan. Any SaaS vendor should have two-factor available by default for any plan (imo).

The risks are high: Hackers can make nasty changes to a website when they get their hands on a username + password. E.g., man-in-the-middle attacks where a hacker links to a ghost website and copies a login page.

Two-factor/SSO should not feature your pricing plan to let people upgrade. Mailchimp gives even a discount when you activate two-factor.

Pau · January 13, 2022, 12:44am

Hello @joost1, welcome to the community.

The product team has been discussing the possibility of adding 2FA, and we’re planning to add it at some point in the future. However, it’s not on our immediate roadmap, so I can’t share an ETA.

At the moment, as you said before, 2FA is only available through SSO login that we can activate on Enterprise plans.

schalk.bower · May 24, 2022, 9:27am

Hi Pau

This is a very important feature for us as well, do you have any idea how far away this feature is?

Pau · May 24, 2022, 9:34am

Thanks for joining the conversation @schalk.bower.
We have no news at the moment.

kry · September 6, 2022, 8:00am

Hi @Pau

Is there any news on this? Is there a channel where we can follow this topic?

Pau · September 6, 2022, 9:29pm

Hey @kry, for the moment what you can do is create an account using GitHub's SSO

joost1 · September 16, 2022, 8:45am

@Pau why is it not possible to see which users use Github SSO? What is the status for 2-factor support after a year?

cptflammin · September 20, 2022, 6:29pm

My two cents: well know security concern, every system which could be publicly accessed by a pirate must be protected by MFA. No question about given current times

Pau · September 21, 2022, 5:18pm

Thanks for the feedback @cptflammin.

@joost1 we don't have any news at the moment. You can get updates about all the features that we're working on on our progress page: What's new - Prismic

ru1 · November 1, 2022, 1:39pm

Hi, what's the status here?

Not having 2FA is far from today's best practices.

And having been warned repeatedly about this (see above) and not acting on it, I believe now exposes you to a certain amount of legal responsibility should people's accounts be hacked due to lacking 2FA...

Pau · November 14, 2022, 8:29pm

Hello everyone.
For the time being, two-factor auth is only available through SSO login that we can activate on Enterprise plans.

But you can always use the GitHub SSO signup option if you aren't an Enterprise client.

savio · April 13, 2023, 12:54pm

hey team, any news on 2FA?

Pau · April 13, 2023, 4:08pm

Hey @savio. We don't have any new updates on 2FA at this time. As mentioned before, it's only available through SSO login for Enterprise plans. However, you can still use the GitHub SSO signup option if you're not an Enterprise client.

CharlotteD · November 27, 2023, 10:53am

Hi @Pau, is there any update on timeline for this much needed security feature? Thanks

samlittlefair · November 27, 2023, 3:26pm

Hi @CharlotteD,

We have no updates here. TFA is still available exclusively on enterprise plans or with GitHub SSO.

Sam