14

2 Factor Auth

Since I am using throttle for a lot of accounts (many of which have billing info) that turns throttle itself into a single point of failure. It would be great if I were able to trust that throttle is a secure place to store that kind of information. 

2 factor authentication would be a good first step toward doing so. 

5 replies

Taurean, this one's interesting!

I'd love to see if there's more demand; to others here, be sure to vote on this item (and any others) that you also want.

I don't know if I'd use it personally, but he does make a good point. Someone breaks into the Throttle DB system and all our emails are public knowledge. At that point I wouldn't even be concerned by my 22-character password being compromised...

This would be awesome as I use 2FA for all my accounts that have it. There's many ways to do it:

  • Authy's API which provides SMS or App codes OR a accept/deny notification (https://www.authy.com/developers/)
  • Clef replaces the username and password entirely by scanning a Wave similar to a barcode (https://getclef.com/developer/)
  • Passwordless.net to log in with a link sent to your email (like the verify your account emails but to log in each time)
  • Auth0 for Email Link or Code, SMS, and Social providers.

And of course there's lots more also.

Hey Brandon, thank you for the recommendations!

I, for one, would love to have 2 factor Auth.

Because... you know, email is pretty serious stuff. And you can't trust a lonely password :-)

2-factor authentication is a must. All top-tier web services use it.