2FA - 2 factor authentication


Hi, I would love to increase login security by enabling 2FA (2 factor authentication). For example through Google Authenticator, Authy, etc.

+1. We’re a small team (<20) but require 2FA for cloud services as a basic security measure.

I get why SSO is an enterprise feature (you got bills to pay like the rest of us), but could you add the means to use and require 2FA to the team/professional plan? Simple app type integration would be fine, though proper SAML would be ace so that we can use Duo or the like.


+1. 2FA for the team/professional plan would be amazing.


2FA for accounts should be a mandatory feature for any SaaS. We don’t necessarily need centralized management for it (e.g. enforcing all team members to turn it on), which can be kept on the enterprise plan. 


We really need 2fa to be part of basic package


2FA really needs a theme, especially when a user can create a password for himself 12345678 and no one can forbid him, 2FA should be on all plans starting with TEAM. It is strange that Miro does not have a strict password policy, not 2fa, apparently it has not been hacked for a long time. I hope it will be implemented soon.


You need to fix this. This is a major vulnerability and 2fa should be standardin 2021!


We’ve asked everyone on our team to sign in with a federated account, for us we use Azure AD so we all authenticate using the orange O icon.

By using federation our IT team can remove access when needed and they are able to enforce 2FA wherever we use our work credentials. I imagine if you use Google Workspace(?) for accounts then you can probably do the same. Join the team using your work Google Accounts and remove your local Miro account. Enable 2FA in Workspace. Use 2FA when you authenticate.

It does need someone to catch those people who sign up with local accounts however for us using AAD we have a public domain alias for our emails so we can see easily those members of the team that accidentially joined using their public email address and prompt them to use their federated account instead.

It’s not SSO but federation is close enough for us just now. We can manage and enforce the policies we need –including 2FA.


+1


This urgently needs to be a added as a basic feature.


+1 for this request.

 

Not having 2fa creates a real security risk for teams using Miro and means that we have to spend a lot more time clarifying what sort of information should be stored on the platform...ultimately it limits our use of the platform.


You need to fix this. This is a major vulnerability and 2fa should be standardin 2021!

+1 Totally agree


I’m honestly shocked that this is still not an option.


This is ultimately going to be the reason I am unable to use this platform in a professional capacity unfortunately.  This at least needs to be road mapped into the personal/teams plan at this point. 


security wise it's unacceptable there's not any 2fa option available yet for all users. 
Especially when you allow third parties to log in for (DNS) management. 

This is a no-brainer: up the ante in security please!


Please increase account security with 2FA. Its irresponsible towards our clients and their data to use a tool that does not enable implementing standard account security measures. Especially in these troubled times security is essential.


2FA is a basic these days. Especially in Business. Was really surprised not finding it in my settings with the team today. Please include asap. 


Please add 2FA as a must at least for Enterprise Subscriptions.


This is way over due, to the point of negligent. We have SSO for our users, but we need to force it force guests. 


I echo this: “2FA is a basic these days. Especially in Business.” Have gone round a whole range of software suites today to incrase my secuirty and add Yubikeys, and was surprised I can’t even add a more basic level to Miro i.e not at all 😢.


Miro is a product/capability that I enjoy more than any other product in recent times that I can think of - so firstly THANK YOU for that.

 

Request:

Please Miro Team respond to this fundamental request - Security of personal data is non-negotiable.  Account security is coupled with that, being that a breach would expose personal account information (PI Data) not to mention any sensitive board content.

 

I understand that SSO is in a private beta? - however please let us know where in the roadmap/timeline MFA will become part of any account - certainly any paid-for account.

 

Thank you


I echo this too: “2FA is a basic these days. Especially in Business.”

We have an Enterprise licence and bring client organisations in as users to deliver training in a methodology, which they then can continue to use with their own licence (hopefully an enterprise licence).

This means SSO isn’t an option, and we have no way of setting  up and enforcing 2FA for these users.

Which has the InfoSec teams at my clients more than a little concerned… and is an approach that Is inconsistent with the high trust / high security image Miro communicates through the Trust Center.

Please can we get a response on this Miro??

 

PS. It also strikes me that this precisely the kind of need that gets lost when you ask users to vote for changes they most want to see. It’s a need that is invisible to most users, yet absolutely presents a risk for all of them, not just the organisations they work for. But few of them will UpVote this request!


We are in the same boat as the above company, we view it 2FA/MFA as a basic necessity to be able to trust miro that takes data security seriously and for us to trust it enough to use it


We are in the same boat as the above company, we view it 2FA/MFA as a basic necessity to be able to trust miro that takes data security seriously and for us to trust it enough to use it

Totally agree with Andreas and everyone in this thread. MFA is critically vital to protection of individuals and organisations and I would love to see this as a standard security feature across all licences. 


For me in Europe I struggle with two things:

  1. GDPR and the fact that Miro is US owned. See Schreems II. But perhaps Biden is going to change the law in US?
  2. Two factor. MFA.

The first I can get around saying we don't handle sensitive personal data for our customers.customer.

The second is crucial to use Miri for what I do. Strategic planning. Plain password? Not really an option.

So please. @miro admin listen to your customers!

We need this.

Now.


Hi everyone!

I'm very happy to tell you that we have this week released 2FA to Miro Enterprise customers. Now, Enterprise company admins can require non-SSO users to go through an extra identity proofing layer when logging into Miro.

When 2FA is toggled on by the admin, all users authenticating with email and password will be required to set up 2FA the next time they log in. We offer TOTP login (Time-based One-time password) with any authenticator app that support standard TOTP code.

The 2FA toggle can be now found in the Security section of the admin panel.

Read more from the admin and end user guides.

Anne
Product Marketing Manager, Enterprise