Two Factor Authentication for ALL STs environments?

I’m going to add to the chorus here. 2FA should definitely be an option. I have 10 in my Google Authenticator app already!

1 Like

I think more companies need to have some “balls” and force 2FA on people. You want to use our product? You must have 2FA.

I’m surprised it’s not more widely used even the less secure ways like, txt a passcode, send email or voice message with code each time a login is attempted.

2 Likes

Two Factor Auth for Home Automation seems like a default that should have been implemented from the beginning. Nothing like securing your home with all of this automation and have it be protected by a simple password.

2 Likes

I absolutely agree, 2FA should be the default for a system that can monitor my cameras and unlock my doors.

We have implemented in our systems we develop. One key thing, however, we have run into is consumer education with support for 2FA and how to use. For all of us tech types its really important. For average joe, which surprises the heck out of me, is confused by it if not annoyed by it.

LOL, our lead developer gets annoyed everytime he hits AWS console and has to dig out his phone. We love that sideshow.

I expect adoption to grow even among the non-tech savvy over time…

As a user, I use everywhere I can…especially like Authy.

2 Likes

IFTTT has just added optional 2FA for their accounts. If you want it, you turn it on, otherwise your account still just uses a password. I like this approach:

4 Likes

Any update on this being on the roadmap for a future release? Would love to see Authy or something similar used for MFA.

how about getting things that are not working working first and working reliably before adding more functionality? all for 2fa, but get the basics down first

2 Likes

Disagree. I’d start wtih security. It’s a little unnerving when you see how much data is available via IDE with only a password as protection.

Re-awakening because this is becoming increasingly important to me.

1 Like

Bright Eyed and Bushy Tailed.

Totally - when do we get two factor for SmartThings? Wanting this more and more every day.

1 Like

One of the biggest gaps I see is the lack of ability to have two factor authentication (2FA). Two factor is one of the best ways to ensure security. I have put barriers to my deployment, like no video or microphone in my house, to ensure that it gets hacked, the information they get is limited. At the very least we should have the ability to add 2FA to the IDE and when new accounts are create or account information is changed.

It could utilize a third party 2FA like google’s 2FA, which is free, but we really need to ensure that something that can be so powerful is secure and 2FA is one of the best ways to do that. I highly recommend 2FA on all financial accounts and anywhere security is a must.

2FA is on the Feature Request list for ActionTiles. The only implementation we are currently considering is to link it to your Gmail account (possibly other’s like GitHub, Twitter, and/or Facebook…) because those logins can already be associated with 2FA.

3 Likes

Hi, I’ve had some issues with my Yale Conexis appearing to randomly lock and unlock. I am unable to see if my ST account has been accessed from any unrecognised IPs (showing if I’ve been hacked) but ST app shows it wasn’t a keytag or manual unlock. It appears to have come from ST.

Changing password, but unnerving that I can neither confirm if I have been hacked nor increase security. If I haven’t been hacked obviously there is an issue with the lock but again impossible to verify given the data I am able to access.

If I had been hacked I’d have thought they’d mess with more than just the one lock (lights? Other locks?)

The likelihood that you have been “hijacked” in any form is extremely unlikely.

However, if you think your SmartThings Account is possibly compromised by a "hijacker’ just:

  1. Change your SmartThings password.
  2. Contact Support@SmartThings.com to request all Access Tokens be invalidated for your Account.
  3. Uninstall ALL SmartApps from your Location.
1 Like

I agree. Just seems bizarre the lock would lock and unlock itself at random on some days. Unfortunately I am away until January so can’t check if it is actually locking or just a false reading.

1 Like

YO!!!
please up security aka 2FA.
We are in 2021 ffs…!
/thomas

You are responding to a post which is 4 years old, and a lot has changed in that time. Specifically SmartThings does now have 2FA for both the app and the web interface. This happened after Samsung migrated all SmartThings users to Samsung accounts. So it’s now there if you want it.

In fact, in the ST mobile app, you will receive a pop up suggesting you enable 2FA every 7 days if you don’t already have it turned on. :sunglasses: