Chat support available. Click the chat icon on the bottom right corner to start chatting with us right away!

mSecure Support

Knowledge Base Forums Submit a ticket
Planned

2FA or yubikey support

Hi,


First of all I'm very happy with the product and have been for quite a while. I was wondering if any support for 2FA will be added in the near future? Specifically yubikey as an extra layer on top of your masterpassword.


thanks

Rob


1 person likes this idea

Hi Rob,

Thank you for contacting us. We not only use an account password, but also use a device created random account key as well. We require customers to save and keep a hold of this account key and customers need to authenticate the account key in order to sign in to their accounts. You can read more about our security model here: https://m7software.freshdesk.com/support/solutions/articles/36000019927-msecure-s-security-model


That said, yes, we are looking into additional security and are looking into Two Factor authentication and different types to offer in the future. However, there is not set plan for when and what types of Two Factor authentication will be offered in the future.

Totally Support the initial comment / has there been any update on two-factor authentication? Thanks Jason

Hi Jason,

Our app works differently than other apps that support two-factor authentication since you don't have to sign in to your mSecure account each time you want to use the app. We also do provide a second factor authentication via your account key authentication. Currently, we do have plans to add additional two factor authentication options in the future. However, we do not have a timeline at the moment for the additional two factor authentication options.

I second Jason/Rob about incorporating 2FA into mSecure.     I hope we can see it sooner than later.    

I would like to see something like Authy, Google Authenticator, WinAuth, incorporated into Msecure so that 2FA keycodes can be stored inside the MSecure app. That would make it more usable for me. I love the app and have been using it since v3 but the lack of the 2FA utility within the app is an annoyance. 


Its not so that I can use 2fa to login to the MSecure app but so that I can store 2FA Google Authenticator compatible keycode algorithm results in the msecure app. 



Hello everyone. To reiterate our response from about a year ago, 2FA is on our radar. While we don't have plans for implementing it in the first release of mSecure 6, it's possible it will be added in a 6.0.X or 6.X release later.

I second the need for 2FA. 


Like most commentators, I have been using this product for years and have no qualms at all. However, 2FA is now a must-have  functionality at least on the desktop app so please prioritise.

Hi Everyone,

I just saw George's comment, and I realized I would like to get some clarification on the need for 2FA in mSecure. There have been different requests for how this feature should be implemented, so I want to get more information on what you are wanting in the feature.


First, the way I understand 2FA to work is like when you sign in to your Apple ID online (I realize not all here will have an Apple ID). You enter your username and password and submit the form, then Apple's server sends you a notification to your devices telling you that a sign in was attempted. Now you have to accept that this is ok, which brings in the second factor for the authentication. The first factor is the credentials, and the second factor is entering the 6 digit code they send in the notification.


For mSecure, we wouldn't be implementing a notification system like Apple, at least not at first. As I understand it now, it would require the use of a 3rd party key, like from YubiKey or some such provider. It would seem really cumbersome, though more secure and reassuring, that a second factor of authentication should be required when unlocking mSecure, so I'm not sure what the expectations are and why. For example, if I was out one night and needed a password, do I have to have my hardware fob with me in order to unlock the app? That doesn't seem right, so I want to get as much clarification on how our customers would expect the feature to work. I want to make sure our use case(s) are good before we start really working on the implementation.


Thanks so much for all your input everyone!

I have mSecure running on my laptops which requires a password for access. This I think is the Achilles heel as the iPhone app is protected by Face ID and that is of a stronger strength security wise than just a password. So, the second factor could be sent to a text/email etc or use an Auth app e.g. Yubikey amongst others. Having multiple second factor options could perhaps fix your late night use case. One could receive an OTP text instead of having to resort to a Auth app or h/w fob. Personally, I am comfortable in the level of assurance the iPhone offers around access into mSecure. My main concern as mentioned earlier is re: desktop/laptop apps and I would be even happy to pay for the functionality. Remote deletion of data on other appliances could also be helpful. This feature is on offer in other apps like WhatsApp, Telegram etc. and re: notification I think is a nice to have. George
Either in the form of Authy, google authenticator or winauth on a mobile device or Yubikey. Both would be most welcome and preferred. Have yubikey setup as your main 2fa and authy as a fallback in case you have no access to your key. But it's quite easy to have your key with you all the time. Simply attach it your keychain and go to whatever party you like. For iphone the use case is different due to the extra security through face id. It would be convenient to be able to choose whether to turn on or off 2fa on iphone. I for one would still use it in combination with yubikey (faceid and keytap to access msecure). But I can imagine that for other users faceid is enough. On desktop having only a masterpassword certainly isn't secure enough.

Thank you both very much for your feedback on this! I'm just keeping this thread alive for as much feedback as possible as we continue development. If anything else comes to mind that you think would be useful, please let us know.

As stated above, I love mSecure 5 and have been a user for many years. I presently have it implemented on multiple Apple products (MacBook Pro, iPad Pro, iPhone X). 

I'd like to see YubiKey type MFA supported, including, any least optionally, on iPhone (not all use FaceID). 

While they are a little thick, YubiKey can be carried in a wallet instead of keychain if preferred. 

Sooner rather than later is a definite. 

These are fairly new to me, but having added security for my passwords and other important data seems equally as important as using MFA on my financial and email accounts (which I'm presently upgrading to YubiKey-enabled wherever available). 

Feel free to contact me with any questions. 

Thank you for your input on this Burt. Our plan now is to have the first iteration of Multi-Factor Authentication implemented in our first update after the initial v6 release. All of the details have not been ironed out, of course, but MFA is at the forefront of our radar.

I agree with Rob from 2 mos age. I’ll go a step further. Yes to Authy, Yubi or SMS text for 2FA. I haven’t seen mentioned using the Apple Watch 5 which Apple itemizes (separate permission set up for device logins). Please keep in mind Authy, for those of us who stay away from google apps overall. I personally like Face or touch authentication (I wish Apple would bring that back given it was on laptop devices too). And of course, two options - if our main device or app is inoperable.

Login or Signup to post a comment