First of all I'm very happy with the product and have been for quite a while. I was wondering if any support for 2FA will be added in the near future? Specifically yubikey as an extra layer on top of your masterpassword.
Thank you for contacting us. We not only use an account password, but also use a device created random account key as well. We require customers to save and keep a hold of this account key and customers need to authenticate the account key in order to sign in to their accounts. You can read more about our security model here: https://m7software.freshdesk.com/support/solutions/articles/36000019927-msecure-s-security-model
That said, yes, we are looking into additional security and are looking into Two Factor authentication and different types to offer in the future. However, there is not set plan for when and what types of Two Factor authentication will be offered in the future.
Totally Support the initial comment / has there been any update on two-factor authentication? Thanks Jason
Our app works differently than other apps that support two-factor authentication since you don't have to sign in to your mSecure account each time you want to use the app. We also do provide a second factor authentication via your account key authentication. Currently, we do have plans to add additional two factor authentication options in the future. However, we do not have a timeline at the moment for the additional two factor authentication options.
I second Jason/Rob about incorporating 2FA into mSecure. I hope we can see it sooner than later.
I would like to see something like Authy, Google Authenticator, WinAuth, incorporated into Msecure so that 2FA keycodes can be stored inside the MSecure app. That would make it more usable for me. I love the app and have been using it since v3 but the lack of the 2FA utility within the app is an annoyance.
Its not so that I can use 2fa to login to the MSecure app but so that I can store 2FA Google Authenticator compatible keycode algorithm results in the msecure app.
Hello everyone. To reiterate our response from about a year ago, 2FA is on our radar. While we don't have plans for implementing it in the first release of mSecure 6, it's possible it will be added in a 6.0.X or 6.X release later.
I second the need for 2FA.
Like most commentators, I have been using this product for years and have no qualms at all. However, 2FA is now a must-have functionality at least on the desktop app so please prioritise.
I just saw George's comment, and I realized I would like to get some clarification on the need for 2FA in mSecure. There have been different requests for how this feature should be implemented, so I want to get more information on what you are wanting in the feature.
First, the way I understand 2FA to work is like when you sign in to your Apple ID online (I realize not all here will have an Apple ID). You enter your username and password and submit the form, then Apple's server sends you a notification to your devices telling you that a sign in was attempted. Now you have to accept that this is ok, which brings in the second factor for the authentication. The first factor is the credentials, and the second factor is entering the 6 digit code they send in the notification.
For mSecure, we wouldn't be implementing a notification system like Apple, at least not at first. As I understand it now, it would require the use of a 3rd party key, like from YubiKey or some such provider. It would seem really cumbersome, though more secure and reassuring, that a second factor of authentication should be required when unlocking mSecure, so I'm not sure what the expectations are and why. For example, if I was out one night and needed a password, do I have to have my hardware fob with me in order to unlock the app? That doesn't seem right, so I want to get as much clarification on how our customers would expect the feature to work. I want to make sure our use case(s) are good before we start really working on the implementation.
Thanks so much for all your input everyone!
Thank you both very much for your feedback on this! I'm just keeping this thread alive for as much feedback as possible as we continue development. If anything else comes to mind that you think would be useful, please let us know.
As stated above, I love mSecure 5 and have been a user for many years. I presently have it implemented on multiple Apple products (MacBook Pro, iPad Pro, iPhone X).
I'd like to see YubiKey type MFA supported, including, any least optionally, on iPhone (not all use FaceID).
While they are a little thick, YubiKey can be carried in a wallet instead of keychain if preferred.
Sooner rather than later is a definite.
These are fairly new to me, but having added security for my passwords and other important data seems equally as important as using MFA on my financial and email accounts (which I'm presently upgrading to YubiKey-enabled wherever available).
Feel free to contact me with any questions.
Thank you for your input on this Burt. Our plan now is to have the first iteration of Multi-Factor Authentication implemented in our first update after the initial v6 release. All of the details have not been ironed out, of course, but MFA is at the forefront of our radar.