Feature Request: Two Factor Authentication / 2FA on Accounts

Hi,

I would like to request that two-factor authentication (2FA) be implemented on the Netlify platform. To be specific, I’d like to request time-based one-time passwords (TOTP) through an application like Google Authenticator as well as U2F hardware tokens such as YubiKey and similar. 2FA through SMS is no longer considered a secure form of 2FA.

Netlify has control of some seriously important things, so protecting your account should require more than a standard password.

Please let me know what you think and if it is already in the roadmap.

Thanks,

Hi, welcome to the forums!

We’ve got it in our feature request list to add that if you’re signing up to Netlify with the email/password combo.

For now, though, we recommend that if you need 2FA then sign up to Netlify with your google or github account and enable hardware specific-2FA on those instead, and that’ll grant you the equivalent level of protection.

1 Like

Thanks!

I had signed up using email and password because I like keeping my accounts separated in case one is compromised.

I’ll stay tuned to see if this ends up on the roadmap :slight_smile:

We’ll let you know if we implement something like that - we do have an open feature request on it and will add this thread to the list of folks to notify if things change around our implementation.

1 Like

A post was split to a new topic: Signing up for netlify with google

Jamie caught my screw up on this thread: Signing up for netlify with google

Signing up with one of the repo providers and enabling 2-factor will give you the protection you seek. Ignore me saying Google. :wink:

1 Like

This is great, but I just want to reiterate that I’m using email login, not SSO. My request is to have 2FA for email users.

@nraboy I’m with you, but I figured I’ve already authorised Netlify with GitHub and GitHub has u2f, so I deleted my Netlify account and re-signed up using my GitHub account. Note that you can change you email Netlify address having done that.