+101
Completed

2 Factor authentication

Mirlen 8 years ago updated by Bronislav 1 year ago 36 1 duplicate

Would be nice to see the option for 2-Factor auth for the site, and should be very easy to implement...

Duplicates 1

Pls help. I try make 2 factor auth-on. And loose authenticator with backup passcodes. I can not sign in to my Tesla account)))

+2

Please consider remembering 2FA on known devices. Everytime I open the URL on another Wifi or Cell network I have to re-enter the code.

today I had to remove my 2FA in tesla.com and in order to reactivate it, I had to change my tesla password.

Despite generating a new token in teslafi and updating the new password, it looks like teslafi loses access to the tesla API. Any suggestion?

how did it go? still have the same problem? I have that problem as well.

I removed my account from one authenticator, and added into another. That fixed my problem. 

+1

Submit a problem report to TeslaFi .  Go to TeslaFi, Help, Open a Support Ticket.
They are usually very good on fixing whatever quickly.

+1

Please add an option to remember device for 30 days.

+3

Loose?  lose....


"Two factor authentication has successfully been setup. Please save your
secret key in a safe place should you ever loose access to your
authentication app."

+1

Wow that was fast. Thanks!

+1

Thank you!  

+7
Completed

This can now be enabled in a new section in settings->account->security.

Has there been any timeline given for when MFA will be available. This is not a nice to have for me but a must have. 

Accounts can be compromised so easily and MFA is one of the easiest solutions to combat it. 

Thank You James!   Looking forward to this addition.

Please add MFA

+1

Yes MFA should really be considered mandatory for this kind of service.  If folk want to opt out that's a risk assessment for them to make . . . 

+1

yes please. when

Agree please both add 2FA and be much more explicit re what happens to user data. 

-1

As @hmspain said, if you do implement 2FA, please make it optional.  While I agree there is an inherent, though not necessarily guaranteed, increase in security with 2FA, this is also a concomitant increase in annoyance and dependence upon a 3rd-party network to receive codes.  For banking and online voting, probably yes.  For my car stats, decidedly no.

+1

Car stats? You do understand that they can unlock or remote start your car with the Tesla token this service has, right? :)

unlock, but not remote start - that requires the tesla account password* every time.

*The tesla app can also optionally use touchID/faceID for that.

2FA definitely doesn't require any 3rd party network to receive codes. There are schemes which use either a (very cheap, easy to buy) USB dongle that you keep in your computer or keyring (the same dongle works for many many websites at once), or you use a phone or laptop program to generate the codes. Works offline, no network needed!

Would be nice to have 2FA (general, not text message), but we have to recognize even Tesla doesn't have it.  :)

We should complain to them, also.

+1

2FA is a must for this kind of data. I will not continue to use the service for now as you do not have 2FA.

+1

Chipping in to say I really wish you would enable non SMS 2FA - this is very sensitive data!

+1

+1 for 2-factor auth.

Also +1 this. FIDO would be awesome. 

+3

Any website that has my data needs 2FA.  +1

+3

+1 for 2FA

FIDO or DUO or even OTP can satisfy 

+3

Definitely would love to get MFA for TeslaFi. There's a lot of sensitive info in here...

+3

I would like to +1 this 

+4

2FA would be a great option using MS Authenticator/Google/Duo/etc. This is a lot of data that I would prefer not to get into the wrong hands.  This is a great site and a must have for Tesla owners...

+1

If you implement 2 factor, please make it optional :-).

+4

I really like the service - however, the data collected is by far more than social media and there does not appear to be any references to data security and data privacy.  2 factor would be helpful along with app passwords to provide some comfort that someone could not learn an incredible amount of information about a user through the compromise of their credentials.  Also, additional references to your security efforts would provide comfort to know if you have ever been compromised, what efforts you take to reduce the likelihood of compromise, and notifications to users if you are compromised.  The data collected has locations, dates, etc, and definitely something that should be protected.

Great work and I love the data!