
2FA - 2 factor authentication

  • October 7, 2020
  • 58 replies
  • 6434 views

Hi, I would love to increase login security by enabling 2FA (2 factor authentication). For example through Google Authenticator, Authy, etc.


  • New Here
  • September 2, 2021

This urgently needs to be added as a basic feature.


  • New Here
  • February 23, 2021

2FA for accounts should be a mandatory feature for any SaaS. We don’t necessarily need centralized management for it (e.g. enforcing all team members to turn it on), which can be kept on the enterprise plan. 


  • Beginner
  • May 28, 2021

You need to fix this. This is a major vulnerability and 2fa should be standard in 2021!


Dirk Kuijt
  • New Here
  • December 13, 2021

Security-wise it's unacceptable there's not any 2fa option available yet for all users.
Especially when you allow third parties to log in for (DNS) management. 

This is a no-brainer: up the ante in security please!


We really need 2fa to be part of basic package


  • New Here
  • September 16, 2021

+1 for this request.

 

Not having 2fa creates a real security risk for teams using Miro and means that we have to spend a lot more time clarifying what sort of information should be stored on the platform...ultimately it limits our use of the platform.


+1. We’re a small team (<20) but require 2FA for cloud services as a basic security measure.

I get why SSO is an enterprise feature (you got bills to pay like the rest of us), but could you add the means to use and require 2FA to the team/professional plan? Simple app type integration would be fine, though proper SAML would be ace so that we can use Duo or the like.


  • New Here
  • January 26, 2021

+1. 2FA for the team/professional plan would be amazing.


  • New Here
  • September 30, 2021

I’m honestly shocked that this is still not an option.


  • New Here
  • November 28, 2022

Hi everyone!

I'm very happy to tell you that we have this week released 2FA to Miro Enterprise customers. Now, Enterprise company admins can require non-SSO users to go through an extra identity proofing layer when logging into Miro.

2FA should be a feature available to ALL customers, not hidden behind the enterprise plan. I totally understand why SSO would be an enterprise feature, however two-factor authentication is a basic security feature which should be available to all clients paying or not.


  • May 18, 2021

2FA really needs a theme, especially when a user can create a password for himself 12345678 and no one can forbid him, 2FA should be on all plans starting with TEAM. It is strange that Miro does not have a strict password policy, not 2fa, apparently it has not been hacked for a long time. I hope it will be implemented soon.


Please increase account security with 2FA. It's irresponsible towards our clients and their data to use a tool that does not enable implementing standard account security measures. Especially in these troubled times security is essential.


I echo this: “2FA is a basic these days. Especially in Business.” Have gone round a whole range of software suites today to increase my security and add Yubikeys, and was surprised I can’t even add a more basic level to Miro i.e. not at all ;-(.


StupidJan
  • Contributor
  • March 8, 2022

2FA is a basic these days. Especially in Business. Was really surprised not finding it in my settings with the team today. Please include asap. 


  • Beginner
  • March 10, 2022

Please add 2FA as a must at least for Enterprise Subscriptions.


  • Contributor
  • November 18, 2024

@ElvaMiro 

Thank you for your reply. However, I need to respectfully push back on the suggestion to gather more votes and use cases for 2FA implementation:

  1. We already have concrete evidence of security breaches affecting non-enterprise customers (as demonstrated by the recent 150+ unauthorized members incident).
  2. The technical implementation is largely complete - 2FA is already working for enterprise customers, the infrastructure exists, and the documentation is written.
  3. The use case for 2FA is universal and well-established: protecting user accounts from unauthorized access. This is security fundamentals, not a feature request.
  4. Multiple paying customers have been requesting this for years, providing feedback and use cases throughout that time.

This isn't a matter of gathering more feedback or proving demand - it's about providing a basic security feature that's industry standard. Every day without universal 2FA puts more customer workspaces at risk of compromise.

As someone who has worked in digital product development, I can confidently say that extending existing 2FA infrastructure to all paying customers requires minimal technical effort compared to the initial implementation. The barrier here isn't technical or about understanding use cases - it appears to be purely a business decision to keep it as a premium feature.

I genuinely appreciate you engaging with the community on this, but we need action on this security issue, not more voting and use cases. Meanwhile, real security breaches continue to occur, putting customer data and intellectual property at risk. How many more workspaces need to be compromised before this basic security feature is made accessible to all paying customers?


  • New Here
  • September 23, 2021

You need to fix this. This is a major vulnerability and 2fa should be standard in 2021!

+1 Totally agree


  • New Here
  • October 8, 2021

This is ultimately going to be the reason I am unable to use this platform in a professional capacity unfortunately.  This at least needs to be road mapped into the personal/teams plan at this point. 


Robert Johnson
  • Volunteer Community Moderator
  • November 2, 2022

@Anne Pitkänen -

I'm very happy to tell you that we have this week released 2FA to Miro Enterprise customers.

Any plans to improve security for the rest of your customers?


We are in the same boat as the above company, we view 2FA/MFA as a basic necessity to be able to trust Miro that takes data security seriously and for us to trust it enough to use it


Thomas Larsson at Milky Way

For me in Europe I struggle with two things:

  1. GDPR and the fact that Miro is US owned. See Schrems II. But perhaps Biden is going to change the law in US?
  2. Two factor. MFA.

The first I can get around saying we don't handle sensitive personal data for our customers.

The second is crucial to use Miro for what I do. Strategic planning. Plain password? Not really an option.

So please. @miro admin listen to your customers!

We need this.

Now.


Anne Pitkänen
Mironeer

Hi everyone!

I'm very happy to tell you that we have this week released 2FA to Miro Enterprise customers. Now, Enterprise company admins can require non-SSO users to go through an extra identity proofing layer when logging into Miro.

When 2FA is toggled on by the admin, all users authenticating with email and password will be required to set up 2FA the next time they log in. We offer TOTP login (Time-based One-time password) with any authenticator app that supports standard TOTP code.

The 2FA toggle can be now found in the Security section of the admin panel.

Read more from the admin and end user guides.

Anne
Product Marketing Manager, Enterprise


We are a small company and we have an IT policy where it is mandated that we use 2FA therefore we are unable to use Miro. 

We would love to use this product however this is the only reason why we cannot fully use this. Please implement this onto Business Plan so that businesses like ours can use this.

 

Regards

Rebecca


  • Contributor
  • July 3, 2024

Hello Miro Community,

I'm writing to address a critical security issue affecting many Miro users: the limited availability of two-factor authentication (2FA) across Miro's plans.

A recent community post https://community.miro.com/ask-the-community-45/how-to-turn-off-2-factor-authentication-starter-miro-plan-16666 revealed that a user on a "starter" plan was unexpectedly prompted for 2FA. This incident proves a crucial point: Miro has the technical capability to offer 2FA to non-enterprise users, likely via a simple backend toggle.

Given this evidence, it's time for Miro to make 2FA universally available. Here's why:

  1. Technical Feasibility: Miro can clearly enable 2FA for non-enterprise accounts with minimal effort.
  2. Essential Security: 2FA is a critical feature for protecting sensitive business information, which Miro often handles.
  3. Competitive Disadvantage: Miro's stance on 2FA is falling behind industry standards:
    • Figma's FigJam: 2FA included for $5/month total
    • Monday.com's Work Canvas: 2FA at $10/user/month (3 user minimum - so $30/month total)
    • Miro Enterprise: 2FA only available at 30+ user minimum (guessing $20/user/month based on Business plan pricing, if not more - so $600/month total)
  4. User Expectations: In today's security-conscious world, users increasingly view 2FA as a basic necessity, not a premium feature.
  5. Ethical Considerations: Restricting a vital security feature to high-tier plans prioritizes profit over user protection.
  6. Potential Liability: In the event of a security breach, Miro's decision to withhold 2FA from lower-tier plans could be viewed unfavorably.

Call to Action for Miro:

  1. Implement universal 2FA access across all plan tiers immediately.
  2. Provide a clear timeline for this implementation if it can't be done right away.
  3. Offer transparent communication about the decision-making process behind 2FA availability.

Questions for the Miro team:

  • What specific technical or business challenges prevent offering 2FA universally?
  • Are there plans to expand 2FA availability in the near future? If so, what's the timeline?
  • How does Miro justify the security disparity between enterprise and non-enterprise users?

To fellow community members:

  • How crucial is 2FA in your decision to use or recommend a digital whiteboard platform?
  • Have you experienced any security concerns due to the lack of 2FA on your Miro plan?
  • Would you be willing to pay a small fee for 2FA if Miro offered it as an add-on to lower-tier plans?

Let's collectively push for this critical security enhancement. Miro's response to this issue will significantly impact user trust and platform security.

Thank you for your attention to this urgent matter. I look forward to a productive discussion and, hopefully, positive action from Miro.


This is way overdue, to the point of negligence. We have SSO for our users, but we need to force it for guests.