
Mon, Aug 27, 2018 4:26 PM

2FA Authentication for Online Accounts

Hi, I am new to Simplisafe and I was disappointed to learn there is no 2FA option available for my online account security. I have a strong password, but I would feel much more secure if there was some sort of 2FA option available.

Preferably not just mobile/SMS codes (which aren't very secure), but also the option for a code generating app like Duo or Google Authenticator.

I feel that especially for a security company like Simplisafe, where people hacking into your account could give them access to security cam footage from inside your home, this should be fixed.

Does anyone else agree?

277 Messages

4 y ago

Agreed! I believe there was another thread where an SS rep made mention of 2FA in the near future. Hoping this will be the case. It seems that SS has been working hard to roll out a huge number of enhancements and features. I have been with SS for almost 4 years and have seen a great deal of improvements already so I anticipate the same ahead...

Totally agree, MFA/2FA is desperately needed! I had this conversation on a phone call with SS Support today after a 'mystery' smartphone app disabled my home security, and the Support person did not know what MFA/2FA was. I also agree that verification and/or notification on password reset is needed.

Captain

4.6K Messages

4 y ago

Would like to suggest a different direction for the mobile apps, both iOS and Android. Allow to secure the app via fingerprint. Quick access to the application is essential and this would be quicker than entering a 4-digit code.

2 Messages

4 y ago

@Captain11: On iOS you can already use Touch ID/Face ID to secure the app.

Captain

4.6K Messages

4 y ago

@nuvs, thanks for the heads up.  As I have not owned an Apple product for years (and will not in the years to come) I now have to wonder why SS only offers it on iOS and not Android.

SS?

277 Messages

4 y ago

Captain, it isn't that SS offers this feature on iOS, it is that the newer iPhones (which I have) have the Touch ID feature for the phone itself. So, everything on my phone is secured by Touch ID. For me, adding the Touch ID feature for the SS app would be redundant, and annoying.

2 Messages

4 y ago

@steve.lux89: developers have to explicitly support Touch ID/Face ID, it's not automatic. SimpliSafe has chosen to do so, but it's completely optional. In my case, I find it very useful and efficient for getting quickly into the SimpliSafe app.

In terms of Zach18's original post, I agree that 2FA would be a good idea. We are securing our physical homes, after all!

4 y ago

agree

277 Messages

4 y ago

@nuvs I understand that. The point I was making is that SS does not already use the Touch ID feature but the newer iPhones do and therefore secure your entire phone at once. I was clarifying for the great @Captain.

Captain

4.6K Messages

4 y ago

@steve.lux89, LOL. Great is not an adjective I am used to so will take it with an element of sarcasm. Your explanation of course had me saying "duh" to myself and is now clear. Even my lowly unlocked Moto G6 I just got has a fingerprint security function. I personally still think it would be a nice feature to have on the SS app. Our power utility company, ComEd, uses it to secure its app, as do several others, mostly banks, and works well.

130 Messages

4 y ago

@nextgensecurity

I'm not sure if you're aware, however you can log into the account using a web browser and see the "recently used mobile devices" that were logged into the account.

Don't recognize any of them? Change your password to something a bit more discreet (13 characters or more. Case sensitive, Special characters, and numbers.)

You can also "force" them to log out after you have made the password change.
Btw, MFA/2FA is for people that don't take a proactive mindset towards their online security.

Advocate

2.8K Messages

4 y ago

Guido, I'm just curious, why so lax about 2FA or other methods of better security?  Even if it wasn't about logins and pw's, we should expect their servers to be secure - with no 2FA for basic logins, that's not saying much for how they secure their servers.

130 Messages

3 y ago

@coltmaster1

I'm lax about 2FA because with a properly secured password, I just find it so unnecessary. Like I said in my previous post, a password with at least 13 characters, randomly generated should take a brute force attacker about 500 million years to hack. Extending it to 16 characters pushes that up to 400 TRILLION YEARS.

Outside of that, proper security should also be taken with anything you are using to type in those passwords. (Genuine firewalls, proper computer anti-viruses, and proper defense against keyloggers). All of those things play a crucial role and failing all of those then a 2FA would be necessary.

However, since I take all of those things seriously, the 2FA I feel is wholly unnecessary, and only adds another step when I'm trying to log into my account that is for the most part, very secure.

We're talking about Security, why wouldn't someone take a proactive role in their home security? It seems rather lazy to me is all.

Advocate

2.8K Messages

3 y ago

Well, um, some of us already take those measures - it's time SS did theirs.  It's 2019, their ignorance and failure to do so despite many years of having the ability, plus hundreds of customer requests - shows just how security-conscious they really are, right?  Really makes me question the security on their servers, and if part of all of SS's funding in recent years has gone to securing their databases or not.

708 Messages

3 y ago

Let me start this leap off the 2FA cliff with: it would be a good/great thing for SS to provide 2FA to the web accounts.

To continue my leap off this 2FA cliff, I will post either a similar or the same comment I posted somewhere else on this quagmire of a site: I have my SS system to keep the stupid criminals out. I am assuming the alarm will "scare" them off. Oh well, I can hope, can't I?

Now to my leap without a parachute: I am ASSUMING even though there are "bad guys and gals" out there that have relationships between groups in different cities, the chances (I think) should be very low, that (1) a person that hacks into the SS system to get my address and override my access lives close enough to me to make a trip to my house worth it or (2) a related group of bad people live in my city where the brains of the operations that hack the system would then disperse the information to people in my city to come to my house.

That ought to stir everyone up and I'll post an update right after the bad guys hit my house and leave a note about accessing my SS account.

Advocate

2.8K Messages

3 y ago

General, reading your post, swatting comes to mind. (for those who don't know what "swatting" is, google it) - although one would hope a bad guy wouldn't go so far as to use someone's system to do further damage, neither did one ever think that swatting would ever be a thing to worry about.

It's not just tampering with systems, it's personal identifying information, and a lot of it.