Isn't it the time for SH to add a multi-factor authentication?

Hello everyone,

I hope you’re doing well.

SH is getting bigger everyday and I wanted to write and raise concerns about the security of the platform. As now I can only see that SH rely solely on passwords for user authentication without a multi-factor authentication in place.

( I came to know that SH have checks in place to block unauthorized login attempts and also send codes via email to verify new devices that were not verified by the users before. But I still think that it’s not enough and adding a multi-factor authentication is a must ).

Given the fact that SH now has a large number of accounts, As well as the fact that users may have funds in their account balances that are withdraw-able or can be used to buy domain names from the marketplace, It is crucial to have robust security measures in place to protect against potential attacks.

Passwords are a common target for hackers, and if they are the only line of defense for a platform, it can be relatively easy for a determined attacker to gain access.

By requiring more than just a password to access an account, MFA can make it much harder for an attacker to gain unauthorized access, even if they have obtained the user’s password through a data breach or other means. For this reason, I believe that platforms that do not offer MFA are more vulnerable to attack and less secure overall.

In accordance to the above, I strongly recommend and ask SH to implement multi-factor authentication as soon as possible. MFA adds an additional layer of security by requiring users to provide two or more forms of identification in order to access their accounts.

By implementing MFA, SH can significantly reduce the risk of unauthorized access to user accounts and the sensitive information they contain. Additionally, I recommend that you regularly perform security audits and vulnerability assessments to identify and address any potential security issues before they can be exploited by attackers.

In conclusion, I urge SH to take immediate action to reinforce the security of the platform and protect the privacy and financial information of users. Failure to do so could have serious consequences for both users and SH as a business.

Thanks for your consideration.

3 Likes

Duplicate of:

But yes two-factor authentication should be implemented ASAP.

You can login with your Google account, and in your Google account you can set the two-factor authentication.

However when you already have a Squadhelp account without the linked Google account, then you cannot link your Google account later, so in this case the two-factor authentication is not possible. So in this case these accounts are not safe.

@grant it’s a security issue actually, passwords are not safe, even if someone uses a password manager, because password managers can be hacked, too. But if the password is strong and two-factor authentication is turned on, then this is the optimal security setting.

3 Likes

If it were an option fine, just don’t force me to use it if I don’t want to. Too many sites force 2FA and it’s just annoying and few of them are actually anything important enough for me to put up with the inconvenience of 2FA. And I would NOT consider SH important enough.

1 Like