+101
Completed

2 Factor authentication

Mirlen 3 years ago updated by jamesx0 2 weeks ago 30 1 duplicate

Would be nice to see the option for 2-Factor auth for the site, and should be very easy to implement...

Duplicates 1

+1

Please add an option to remember device for 30 days.

+2

Loose?  lose....


"Two factor authentication has successfully been setup. Please save your
secret key in a safe place should you ever loose access to your
authentication app."

+1

Wow that was fast. Thanks!

+7
Completed

This can now be enabled in a new section in settings->account->security.

Has there been any timeline given for when MFA will be available. This is not a nice to have for me but a must have. 

Accounts can be compromised so easily and MFA is one of the easiest solutions to combat it. 

Thank You James!   Looking forward to this addition.

Please add MFA

+1

Yes MFA should really be considered mandatory for this kind of service.  If folk want to opt out that's a risk assessment for them to make . . . 

Agree please both add 2FA and be much more explicit re what happens to user data. 

-1

As @hmspain said, if you do implement 2FA, please make it optional.  While I agree there is an inherent, though not necessarily guaranteed, increase in security with 2FA, this is also a concomitant increase in annoyance and dependence upon a 3rd-party network to receive codes.  For banking and online voting, probably yes.  For my car stats, decidedly no.

+1

Car stats? You do understand that they can unlock or remote start your car with the Tesla token this service has, right? :)

unlock, but not remote start - that requires the tesla account password* every time.

*The tesla app can also optionally use touchID/faceID for that.

2FA definitely doesn't require any 3rd party network to receive codes. There are schemes which use either a (very cheap, easy to buy) USB dongle that you keep in your computer or keyring (the same dongle works for many many websites at once), or you use a phone or laptop program to generate the codes. Works offline, no network needed!

Would be nice to have 2FA (general, not text message), but we have to recognize even Tesla doesn't have it.  :)

We should complain to them, also.

+1

2FA is a must for this kind of data. I will not continue to use the service for now as you do not have 2FA.

+1

Chipping in to say I really wish you would enable non SMS 2FA - this is very sensitive data!

+1

+1 for 2-factor auth.

Also +1 this. FIDO would be awesome. 

+3

Any website that has my data needs 2FA.  +1

+3

+1 for 2FA

FIDO or DUO or even OTP can satisfy 

+3

Definitely would love to get MFA for TeslaFi. There's a lot of sensitive info in here...

+3

I would like to +1 this 

+4

2FA would be a great option using MS Authenticator/Google/Duo/etc. This is a lot of data that I would prefer not to get into the wrong hands.  This is a great site and a must have for Tesla owners...

+1

If you implement 2 factor, please make it optional :-).

+4

I really like the service - however, the data collected is by far more than social media and there does not appear to be any references to data security and data privacy.  2 factor would be helpful along with app passwords to provide some comfort that someone could not learn an incredible amount of information about a user through the compromise of their credentials.  Also, additional references to your security efforts would provide comfort to know if you have ever been compromised, what efforts you take to reduce the likelihood of compromise, and notifications to users if you are compromised.  The data collected has locations, dates, etc, and definitely something that should be protected.

Great work and I love the data!