@Anne Pitkänen -

I'm very happy to tell you that we have this week released 2FA to Miro Enterprise customers.

Any plans to improve security for the rest of your customers?

2FA should be a feature available to ALL customers, not hidden behind the enterprise plan. I totally understand why SSO would an enterprise feature, however two-factor authentication is a basic security feature which should be available to all clients paying or not. 

How is it possible that 2fa is not offered as a basic option, this can only lead to problems.  This is the only point that bothers me about miro at the moment.

My clients are moving to Mural because Miro does not have 2FA and Mural does. It’s an essential security feature and my contracts mandate that I meet this requirement as outlined by th National Cyber Security Centre. So for many of them it’s too late for Miro and they have already moved. I will be forced to move too soon if 2FA isn’t implemented. Which makes me sad as I would rather not.

I’ve asked Miro on Twitter a few times, but I’m being ignored, just like this basic feature.

Hmmm...Miro, not allowing ALL users to have 2FA, especially with generative ai showing it’s ability to get past default security measures, unless you pay thousands of dollars….maybe it’s time for all of us to consider FigJam. A cheaper price + 2FA, regardless of tier...there’s a few features missing with FigJam, but honestly, nothing essential to be able accomplish the same outcomes/collaborate.

Would I like to stay with Miro? Of course I would, but not if they are going to hold essential security features hostage needed by everyone...will need to strongly consider other options.

@Thomas Larsson at Milky Way @Eddie Zhang @Andreas Lubbe @Robert Johnson @Maik @chrisc @Matt Batchelor @ITO @MichaelWang @Pradeep Susarla @Tristan Forrester @Aaron Costello @S17 @Maeve Rutten @Robert Linhardt @StupidJan @Dirk Ahmann @Contrem @BlueShield @imogenmiro @eseImpala @nx_studio @Mifi 

@Emily Webber Mural has their’s set at 50 user before one can have MFA last time I checked, which was just a couple weeks ago.

FYI @Anne Pitkänen...please listen to your customers, especially when there is competition like FigJam already taking customers away from you.

Hi @foundsoul thank you for tagging me for visibility! 

We decided to introduce 2FA from the Enterprise plan while working with some design customers from the Enterprise plan. I have flagged this internally to see what options we have going forward.  I don’t have any details to share so we’ll have to come back later with more details while we do our roadmap planning going forward. 

Are you planning to enable 2FA for non-enterprise users in the future or should 2FA only remain an affordable feature?

@Maik, you’re welcome! Btw did you mean, “remain an unaffordable feature”?

Here’s a fun theory to consider...MIRO was PAID BY some of the larger ENTERPRISES NOT TO PUT 2FA ON NON-ENTERPRISE ACCOUNTS so that they could easily hack in and IN ORDER TO STEAL INTELLECTUAL PROPERTY undetected. Lol (maybe...hahahah)

My company won’t allow me to use Miro if no 2FA available to starter and/or Business plans. 

You can’t not offer 2FA in this day and age. This is a standard requirement at all levels of package. As a small business We are not going to be able to afford to upgrade to a pro package. We don’t need SSO, but you need to add 2FA to be compliant at all.

We are a small company and we have an IT policy where it is mandated that we use 2FA therefore we are unable to use Miro. 

We would love to use this product however this is the only reason why we cannot fully use this. Please implement this onto Business Plan so that businesses like ours can use this.

Regards

Rebecca

It is horrible that now in 2024, with today's cybercrime, we have to hope for a chicken list to give us 2FA. It shows that their company puts the safety of their customers at the lowest level. That the wish on the list is over 3 years old is just sad!
It is not the case that only large companies have values that should not be compressed, even a student or the man in the street can have the values destroyed. Imagine a student who is on his way to completing a program, loses or has all his data stolen. Then a whole year (or more) is a waste of both time and money.
Show that you are a serious company that takes ALL customers seriously, get 2FA in place on all subscriptions!

Hello Miro Community,

I'm writing to address a critical security issue affecting many Miro users: the limited availability of two-factor authentication (2FA) across Miro's plans.

A recent community post https://community.miro.com/ask-the-community-45/how-to-turn-off-2-factor-authentication-starter-miro-plan-16666 revealed that a user on a "starter" plan was unexpectedly prompted for 2FA. This incident proves a crucial point: Miro has the technical capability to offer 2FA to non-enterprise users, likely via a simple backend toggle.

Given this evidence, it's time for Miro to make 2FA universally available. Here's why:

1. Technical Feasibility: Miro can clearly enable 2FA for non-enterprise accounts with minimal effort.
2. Essential Security: 2FA is a critical feature for protecting sensitive business information, which Miro often handles.
3. Competitive Disadvantage: Miro's stance on 2FA is falling behind industry standards:
   • Figma's FigJam: 2FA included for $5/month total
   • Monday.com's Work Canvas: 2FA at $10/user/month (3 user minimum - so $30/month total)
   • Miro Enterprise: 2FA only available at 30+ user minimum (guessing $20/user/month based on Business plan pricing, if not more - so $600/month total)
4. User Expectations: In today's security-conscious world, users increasingly view 2FA as a basic necessity, not a premium feature.
5. Ethical Considerations: Restricting a vital security feature to high-tier plans prioritizes profit over user protection.
6. Potential Liability: In the event of a security breach, Miro's decision to withhold 2FA from lower-tier plans could be viewed unfavorably.

Call to Action for Miro:

1. Implement universal 2FA access across all plan tiers immediately.
2. Provide a clear timeline for this implementation if it can't be done right away.
3. Offer transparent communication about the decision-making process behind 2FA availability.

Questions for the Miro team:

• What specific technical or business challenges prevent offering 2FA universally?
• Are there plans to expand 2FA availability in the near future? If so, what's the timeline?
• How does Miro justify the security disparity between enterprise and non-enterprise users?

To fellow community members:

• How crucial is 2FA in your decision to use or recommend a digital whiteboard platform?
• Have you experienced any security concerns due to the lack of 2FA on your Miro plan?
• Would you be willing to pay a small fee for 2FA if Miro offered it as an add-on to lower-tier plans?

Let's collectively push for this critical security enhancement. Miro's response to this issue will significantly impact user trust and platform security.

Thank you for your attention to this urgent matter. I look forward to a productive discussion and, hopefully, positive action from Miro.

@Miro Community Team 

Thanks for merging all these ideas. 

Has the 2FA feature for non-enterprise accounts been slotted into a future release vehicle yet?  

If not, could it be?  If there was a date (or perhaps a quarter and a year, e.g. Q1 2025) could it be shared? We all understand priorities shift and not every feature will make the target time frame. 

It would go a long way to ease some of the noise around this, I’m thinking. 

Thanks for the great product/service.

@Shawn Hank Thanks for being more polite about this then rest of us. Lol. It’s just frustrating after 3 years of no communication by Miro other than “idea merge.” However, I will disagree on one fact...it’s not just “noise.” Feel free to Google “AI scary ability to bypass passwords” or something similar when you have a moment. And some of us have experienced some security issues which may or may not have been related to Miro and lack of 2FA.

Even the FTC (Federal Trade Commission), the United States federal organization where one of their main purposes is to help prevent predatory business practices (guessing...making an small business business pay roughly $7,000/year before they get can have essential security (2FA) could fall within this), has a webpage recommending 2FA https://consumer.ftc.gov/articles/use-two-factor-authentication-protect-your-accounts. I’m curious what they’d have to say about this.

Solution for this problem: 

ClickUp also offer now whiteboard projects + a lot extras and already free version always has 2FA 

Greetings

@Maik, how would you say it compares to Miro, honestly? For instance, Miro has a flexible table. That has saved me tuns of time in the past when I previously felt safe to work with it. Also, Miro has their new AI features...does clickup have anything like that? Can you invite outside collaborators. Is it as intuitive and easy to use? A comparison based on your personal experience of using both would be helpful, if you’re up for it :)

1. But Miro don't offer free 2FA, because they don't care

2. U should try clickup by urself

“Account has been hacked and 150 people have been added as full members.” - and this is just what someone was able to see (for obvious reasons)...imagine all those hacks not seen/undetected. So stilling thinking that all paying customers shouldn’t have basic 2FA (even if they aren’t able to afford the ~ $6,000/year price tag just to have 2FA)?

My apologies, my copy paste got stuck...this is what I meant to paste from the updated ai version. Lol: “

SECURITY ALERT: Just discovered an account breach where 150+ people were added as full members without authorization (https://community.miro.com/ask-the-community-45/account-has-been-hacked-and-150-people-have-been-added-as-full-members-18720?tid=18720&fid=45). This is just one detected incident - consider how many go unnoticed.

The continued refusal to provide basic 2FA for all paying customers (unless they pay ~$6,000/year) puts our workspaces at unnecessary risk. Multiple community members have professionally requested this basic security feature for years.

This isn't about premium features - this is about fundamental account security that's become standard across the industry. How many more breaches need to occur before basic 2FA is made accessible to all paying customers?”

Hi everyone,

Thanks so much for sharing your thoughtful feedback. We appreciate it.

Should our team have any other questions, they will be sure to follow up.  For those coming across this idea, if you feel it's helpful to have or have additional suggestions, please be sure to vote for it and leave a comment about your use case to help our team scope this request.

Is the fact that there are already half a dozen threads/requests for 2FA now being hidden, including this one?: