Add in option for two-factor Authentication (2FA)
Seajays
As Wave can connect to bank accounts and see lots of sensitive commercial information about a business, I would like to have the option of using two-factor authentication (2FA), such as Google Authenticator, in order to provide an additional level of security when logging in to Wave.
27 Comments
I used my waveapps account on my wife's computer. Last night, after I hadn't used Wave in probably a year I was helping her create an account for her own invoices. She went to the sign up page and clicked "sign in with Google". It went straight into my Wave account.
1) After a year? Wow, that seems like too long of a retention. But there is more...
I had her click "sign out" of Wave. She did the same process "Sign in with Google"... BAM! Straight into my account. "WTF!!!" I said to myself. Must be that this browser is logged into Google somehow. But no, she was logged into Gmail with her account; had her log out of Gmail and log back in.
Still, she went straight into my account. I don't know how you people are working through this logic, but it's wrong.
Hi, @supergreg.
To answer your first question, Wave never deletes anything unless you ask us to. We want you to have dominion over your data. If you decide to not delete something, we assume that was deliberate. If you delete something on your account, it gets deleted for good.
There are a handful of exceptions to this, but if you would like to know more you can find our terms of use, as well as our policies on privacy and security here. If you have other concerns, feel free to contact our security team at privacy@waveapps.com.
As for logging in through your Google account, it will be seamless if you're connected to a Google account in any way. We do believe that Google sign-in is secure (especially if you have 2-factor authentication set up on your Google account).
It might have logged you in to your account if her email is set as an alternative email address to that account. I took a look and you do have several email addresses listed on your Wave account. Does hers show up if you click on the name of your business in the top right corner, then on Manage Your Profile, and finally on Emails & Connected Accounts?
When will you implement 2FA on Wave?
Given the sensitivity and confidentiality of information, is all the data at Wave 256-bit encrypted at the data level?
@wavecomm Hey there. 2FA is something that we are currently working on building out in the very near future (still no exact timetable, but it should be coming out as soon as possible). As for your question about data protection -- "We lock up your data with up to 256-bit TLS encryption, the strength of protection you get with online banking and shopping." For more information regarding security at Wave -- take a look at this link here: https://my.waveapps.com/security/
This would be amazing and I am floored that this is not already a standard security measure. The sooner this is implemented, the better.
Hi
I am really hoping that Wave implements a 2 Factor Authentication really soon. This is an industry security standard and I'm surprised it's not a feature yet with all the sensitive data on there.
I would agree with this and it is a pretty simple process to implement.
Please please please implement this! This needs to be an option as Wave accepts payments and pays out to the bank account on file. There is so0o0o0 much room for error without 2FA.
Hey @generalinq. We still don't have any immediate plans to add 2FA - but it could be something in the works for the near future; Wave is extremely committed to the security and privacy of those who use Wave. Our entire organization works with our security team to ensure that the security and privacy of your data is protected at all times.
If you would like to learn more, our privacy practices are outlined in our public privacy policy, which can be found at https://my.waveapps.com/privacy - specific questions can also be sent to privacy@waveapps.com
For information about your relationship with Wave, please review our Terms of Use at https://my.waveapps.com/terms - specific questions can be sent to security@waveapps.com
Hey everyone, 100% that MFA/2FA is the way to go. 2FA is something that our teams are working towards this year, although I can't wager an ETA at this point. I just wanted to take the time to acknowledge that you're not alone in wanting this layer of security.
I agree, the sooner the better. I just got done linking sensitive information, and thought it would be a good idea to add my Yubikey or at least my authentication app as a 2FA, but was worried that there were no options for this.
+1 for TOTP (authenticator type apps) for 2FA
Yup, 200% sketchy to use a website that contains secret information without 2FA.
Wave wants my 2FA to link my bank account, but won't secure itself with 2FA?
Whether by SMS text or an authenticator app such as Google Authenticator or Authy, you just gotta implement this. Come on guys - this really is a no-brainer.
2FA is a must! Please implement ASAP.
@CodeMonkeyX @GlennF @Mor23 @MrSparkle @Wisecompany Thank you for sharing your feedback and thoughts. As @Ryan_W mentioned in his post above, two factor authentication is something that our teams are actively working towards.
Do you have a timeline for when this is scheduled for production?
+1
@Zachselfless @EranM Great question! It looks like back in March we didn't have an exact ETA on introducing the 2FA feature but I've reached out to Erik, one of the Application Support Specialists, for an update on whether or not there is an ETA at this point! We will update this thread as soon as we get the scoop!
@Zachselfless Just to chime in here. Our account access team currently doesn't have any plans to implement this any time soon -- but when/if we do, as Chelsea mentioned above, we will definitely update our users within this thread.
Is there an update on Two-Factor Authentication? Is Wave working to make this happen? Thanks
Hey @nando. No current plans to add this to the software, thanks for checking in though!
Sorry, but this is just unacceptable. As a financial services company, you really must do this. It's an industry standard. The potential liability facing Wave now is monumental, should an account get breached where 2FA would have prevented it. Please reconsider adding 2FA!
I would also like to add onto this, MFA/2FA is an absolute necessity for modern websites, especially one that handles sensitive information like financial data.
Add my 2 cents here and please get MFA/2FA! I can't believe this site doesn't have it yet - dealing with all this financial information and credit cards for customers, etc. Developers of Wave - please get MFA/2FA! It's critical.
I agree. This is surprising and concerning that it is not even on the schedule of new features. It seems almost reckless. Please address the community on this issue.
I guess people just don't see the fire till it's at their doorstep.
I will echo @generalinq here - this is an absolutely crucial feature. I use Wave and I love it, but it's unbelievable that any finance-related service provider doesn't have 2FA... and doesn't even have plans to add it!
I'm a software engineering consultant, I've implemented 2FA. It's not very hard.
Also on that note, when you add it (see I'm using "when", not "if"!), please offer non-SMS options, such as Google Authenticator/Authy/etc. SMS is notoriously hackable.
Yes. 2FA would bring so much more confidence to your product.
Level 1 PCI is essential for server and process hardening, but let's add an optional 2FA to secure our accounts as well.
Not only a huge value add, but borderline INSANE that it is not already supported.
I have read all the comments above.
I just wanted to add my support for this very important feature.