2 factor auth would be a GREAT way to further secure our accounts. For those of you who may not know what 2 factor authenticaion is, it is a way for STs to authenticate you upon login through a second source. Generally there are three types of authentication someone can you. 1st, 2nd, and 3rd factors. There are some new 4th and 5th factors as well but 1st, 2nd and 3rd can be summed up easily this way:
First factor is “something you know”
AKA - Password
Second factor is “something you have”
AKA - RSA passcode/Phone to send a additonal login code to
Third factor is “something you are”
AKA - Fingerprint, eye scan, dna
Right now we all use first factor auth to login to the IDE and the SmartApp. I’d love to have STs add Second factor auth to any initial login that we process. So anytime you login to the SmartApp or IDE you would need your cellphone to receive an additonal passcode texted to your cell in order to login.
Maybe @Ben, @Urman, @tyler would be good people to help answer this, but i’m trying to gauge if people agree with me before I start barking up some trees for something that only I may want.
Do people agree with me? Please feel free to share your comments below.
I’m all for two factor authentication, I use it on many services already and wish more would offer it. Makes a person feel better especially with all the username and/or password leaks. Many people use same/similar username and passwords so if you forget to change all them when something like that happens you could be in trouble. Whereas with 2 factor it’s almost a non-issue, while you should still change your passwords you don’t have to stay awake at night wondering if you’re in trouble.
I use 2FA everywhere and given how all these things are part of our houses, I’d like to see this too. It’s too important to ignore anymore and I’m sure not too hard to implement.
+1 for 2FA here, especially since it’s monitoring and controlling more and more of my home.
Good old TOTP (Time-Based One Time Password algorithm) would be great. Google Authenticator is a common client implementation, but there are several other smartphone apps (DUO also does TOTP in addition to its push authentication) and even clients for the Pebble watch.
On the server side, there are open-source implementations available in various languages.
I’m surprised it’s not more widely used even the less secure ways like, txt a passcode, send email or voice message with code each time a login is attempted.
Two Factor Auth for Home Automation seems like a default that should have been implemented from the beginning. Nothing like securing your home with all of this automation and have it be protected by a simple password.
We have implemented in our systems we develop. One key thing, however, we have run into is consumer education with support for 2FA and how to use. For all of us tech types its really important. For average joe, which surprises the heck out of me, is confused by it if not annoyed by it.
LOL, our lead developer gets annoyed everytime he hits AWS console and has to dig out his phone. We love that sideshow.
I expect adoption to grow even among the non-tech savvy over time…
As a user, I use everywhere I can…especially like Authy.