2FA Authentication for Online Accounts

Agreed! I believe there was another thread where an SS rep made mention of 2FA in the near future. Hoping this will be the case. It seems that SS has been working hard to roll out a huge number of enhancements and features. I have been with SS for almost 4 years and have seen a great deal of improvements already so I anticipate the same ahead...

Would like to suggest a different direction for the mobile apps, both iOS and Android. Allow to secure the app via finger print.  Quick access to the application is essential and this would be quicker than entering a 4 digit code.

@Captain11: On iOS you can already use Touch ID/Face ID to secure the app.

@nuvs, thanks for the heads up.  As I have not owned an Apple product for years (and will not in the years to come) I now have to wonder why SS only offers it on iOS and not Android.

SS?

Captain, it isn't that SS offers this feature on iOS, it is that the newer iPhones (which I have) have the Touch ID feature for the phone itself. So, everything on my phone is secured by Touch ID. For me, adding the Touch ID feature for the SS app would be redundant, and annoying.

@steve.lux89--developer have to explicitly support Touch ID/Face ID, it's not automatic. SimpliSafe has chosen to do so, but it's completely optional. In my case, I find it very useful and efficient for getting quickly into the SimpliSafe app.

In terms of Zach18's original post, I agree that 2FA would be a good idea. We are securing our physical homes, after all!

agree

@nuvs I understand that. The point I was making is that SS does not already use the Touch ID feature but the newer iPhones do and therefor secures your entire phone at once. I was clarifying for the great @Captain.

@steve.lux89, LOL. Great is not an adjective I am use to so will take it with an element of sarcasm.  Your explanation of course had me saying "duh" to myself and is now clear. Even my lowly unlocked Moto G6 I just got has a fingerprint security function.  I personally still think it would be a nice feature to have on the SS app. Our power utility company, ComEd, uses it to secure its app, as does several others, mostly banks, and works well.

@nextgensecurity

I'm not sure if you're aware, however you can log into the account using a web browser and see the "recently used mobile devices" that were logged into the account.

Don't recognize any of them? Change your password to something a bit more discreet (13 characters or more. Case sensitive, Special characters, and numbers.)

You can also "force" them to log out after you have made the password change.
Btw, MFA/2FA is for people that don't take a proactive mindset towards their online security.

Guido, I'm just curious, why so lax about 2FA or other methods of better security?  Even if it wasn't about logins and pw's, we should expect their servers to be secure - with no 2FA for basic logins, that's not saying much for how they secure their servers.

@coltmaster1

I'm lax about 2FA because with a properly secured password, i just find it so unnecessary. Like I said in my previous post, a password with at least 13 characters, randomly generated should take a brute force attacker about 500 million years to hack. Extending it to 16 characters pushes that up to 400 TRILLION YEARS.

Outside of that, proper security should also be taken with anything you are using to type in those passwords. (Genuine firewalls, proper computer anti-viruses, and proper defense against keyloggers). All of those things play a crucial role and failing all of those then a 2FA would be necessary.

However, since I take all of those thing seriously, the 2FA i feel is wholly unnecessary, and only adds another step when I'm trying to log into my account that is for the most part, very secure.

We're talking about Security, why wouldn't someone take a proactive role in their home security. It seems rather lazy to me is all.

Well, um, some of us already take those measures - it's time SS did theirs.  It's 2019, their ignorance and failure to do so despite many years of having the ability, plus hundreds of customer requests - shows just how security-conscious they really are, right?  Really makes me question the security on their servers, and if part of all of SS's funding in recent years has gone to securing their databases or not.

Let me start this leap off the 2FA cliff with: it would be a good/great thing for SS to provide 2FA to the web accounts.

To continue my leap of this 2FA cliff, I will post either a similar or the same comment I posted somewhere else on this quagmire of a site: I have my SS system to keep the stupid criminals out.  I am assuming the alarm will "scare" them off.  Oh well, I can hope, can't I.

Now to my leap without a parachute: I am ASSUMING even though there are "bad guys and gals" out there that have relationships between groups in different cities, the chances (I think) should be very low, that (1) a person that hacks into the SS system to get my address and override my access lives close enough to me to make a trip to my house worth it or (2) a related group of bad people live in my city where the brains of the operations that hack the system would then disperse the information to people in my city to come to my house.

That ought to stir everyone up and I'll post an update right after the bad guys hit my house and leave a note about accessing my SS account.

General, reading your post, swatting comes to mind. (for those who don't know what "swatting" is, google it) - although one would hope a bad guy wouldn't go so far as to use someone's system to do further damage, neither did one ever think that swatting would ever be a thing to worry about.

It's not just tampering with systems, it's personal identifying information, and a lot of it.