2 Factor authentication

Mirlen 3 years ago updated by peejtesla 6 months ago 20 1 duplicate

Would be nice to see the option for 2-Factor auth for the site, and should be very easy to implement...

Duplicates 1


I really like the service - however, the data collected is by far more than social media and there does not appear to be any references to data security and data privacy.  2 factor would be helpful along with app passwords to provide some comfort that someone could not learn an incredible amount of information about a user through the compromise of their credentials.  Also, additional references to your security efforts would provide comfort to know if you have ever been compromised, what efforts you take to reduce the likelihood of compromise, and notifications to users if you are compromised.  The data collected has locations, dates, etc, and definitely something that should be protected.

Great work and I love the data! 


If you implement 2 factor, please make it optional :-).


2FA would be a great option using MS Authenticator/Google/Duo/etc. This is a lot of data that I would prefer not to get into the wrong hands.  This is a great site and a must have for Tesla owners...


I would like to +1 this 


Definitely would love to get MFA for TeslaFi. There's a lot of sensitive info in here...


+1 for 2FA

FIDO or DUO or even OTP can satisfy 


Any website that has my data needs 2FA.  +1

Also +1 this. FIDO would be awesome. 

+1 for 2-factor auth.


Chipping in to say I really wish you would enable non SMS 2FA - this is very sensitive data!

2FA is a must for this kind of data. I will not continue to use the service for now as you do not have 2FA.

Would be nice to have 2FA (general, not text message), but we have to recognize even Tesla doesn't have it.  :)

We should complain to them, also.

As @hmspain said, if you do implement 2FA, please make it optional.  While I agree there is an inherent, though not necessarily guaranteed, increase in security with 2FA, this is also a concomitant increase in annoyance and dependence upon a 3rd-party network to receive codes.  For banking and online voting, probably yes.  For my car stats, decidedly no.

2FA definitely doesn't require any 3rd party network to receive codes. There are schemes which use either a (very cheap, easy to buy) USB dongle that you keep in your computer or keyring (the same dongle works for many many websites at once), or you use a phone or laptop program to generate the codes. Works offline, no network needed!

Car stats? You do understand that they can unlock or remote start your car with the Tesla token this service has, right? :)

unlock, but not remote start - that requires the tesla account password* every time.

*The tesla app can also optionally use touchID/faceID for that.

Agree please both add 2FA and be much more explicit re what happens to user data. 

Yes MFA should really be considered mandatory for this kind of service.  If folk want to opt out that's a risk assessment for them to make . . .