Two-factor authentication

I wonder why Prismic has no support for two-factor authentication, except SSO in the much more expensive Platinum+ plan. Any SaaS vendor should have two-factor available by default for any plan (imo).

The risks are high: Hackers can make nasty changes to a website when they get their hands on a username + password. E.g., man-in-the-middle attacks where a hacker links to a ghost website and copies a login page.

Two-factor/SSO should not feature in your pricing plan to let people upgrade. Mailchimp even gives a discount when you activate two-factor.

Hello @joost1, welcome to the community.

The product team has been discussing the possibility of adding 2FA, and we’re planning to add it at some point in the future. However, it’s not on our immediate roadmap, so I can’t share an ETA.

At the moment, as you said before, 2FA is only available through SSO login that we can activate on Enterprise plans.

Hi Pau

This is a very important feature for us as well, do you have any idea how far away this feature is?

Thanks for joining the conversation @schalk.bower.
We have no news at the moment.

Hi @Pau

Is there any news on this? Is there a channel where we can follow this topic?

Hey @kry, for the moment what you can do is create an account using GitHub's SSO

@Pau Is the team aware how much of a dealbreaker lacking 2FA support is to most businesses? Surely this merits at least some sort of update almost a year after your last reply indicating the team was "planning on adding it"? Very surprised at the lack of urgency on this critical security feature that is a requirement for most orgs of all sizes these days.

EDIT: I see your suggestion regarding GitHub SSO for now, any way we can convert from a standard email account to GitHub (for the root login)?


Hey @liam1, thanks for sharing your thoughts, feedback is always more than welcome.

It isn't possible to 'migrate' an account that signed up with an email to the GitHub SSO option, you'd need to create an account that uses a different email.

@Pau why is it not possible to see which users use GitHub SSO? What is the status for 2-factor support after a year?

My two cents: well-known security concern, every system which could be publicly accessed by a pirate must be protected by MFA. No question about it given current times :slight_smile:

Thanks for the feedback @cptflammin.

@joost1 we don't have any news at the moment. You can get updates about all the features that we're working on on our progress page: What's new - Prismic