...10months later and now acquired by H&R Block... but still no 2FA implementation. Time to seriously starting looking at the competitors (even though I think Wave is a great product).
I can't believe this isn't implemented already. It's HIGHLY irresponsible from any company having access to bank accounts to not have multiple factors of authentication implemented.
I won't use WaveApps as long as there's no 2FA or MFA (and not with just sms, it needs OTP and/or other forms) implemented and would advise anyone using Wave to stop using it and remove their bank accounts from there as long as it's not done.
It makes me wonder if they even have a bug bounty program or any security programs or plans in place... If not, then this accounting website must be swiss cheese to anyone willing to take a closer look security-wise.
We're talking about a platform that deals with financial records of both personal and businesses accounts. MFA/2FA should absolutely be a necessity to operate in this space. It is shocking to me this hasn't been prioritized higher.
I was looking to start doing personal accounting with waveapps and realized it would increase the amount of data available to the login by 10 fold. So I went to Profile > Password and looked for the two-factor option I knew had to be there.
It isn't. So i found this thread. I'm in agreement with the other folks here. It is not really acceptable for a web SaaS that integrates with banks and can perform payments to not offer two factor authentication.
This should really be required by law, but given regulation is slow--waveapps should do the right thing and add this relatively simple feature.
Finally, I'd presume that the waveapps employees in this thread are required to use 2FA for many of their own accounts--especially those for the company. How can this feature be denied without some kind of explanation for why it is being held back? What could be higher priority than user account security?
Ditto--especially to the last post, as it expresses my exact situation, and it is truly staggering to hear the assertion from Wave folks that it simply won't be added.
If the problem is that the solutions you are considering cost money per successful auth, and you don't want to bear that for free account holders, then at least offer it as an option where WE must bear the cost. I would happily pay it, which should be pennies per successful auth. It is, for instance, with Authy, which charges 9 cents per successful authentication.
Many of us may not login that often anyway, so it would be a VERY small price to pay for greater security! Or if it seems pay-per-use won't fly, offer a fixed price add-on that offers 2FA for wave logins as a monthly cost. Sure, you may "lose" some with those who login often, but you may well profit from the balance of users who don't.
2FA has no costs other than the programmer's hours to integrate it. It is quite alarming this is not built into the authentication functions for storing some pretty sensitive data. If someone jacks your cookie, they can take over your session and login easily.
I've been a customer for a while and I've been nervously waiting for this to be released. Today, I finally found this thread and I am at a loss for words to understand why this isn't priority number one. I can't think of one feature that would be more important than this. It's incredibly irresponsible. I suppose it's also irresponsible for me to continue using your product. This leads me to believe that protecting customer data isn't really that important to Wave Financial. This thread started in 2018 for goodness sakes! Come on! Your dev teams should drop all your cool new feature plans and do this immediately. It would certainly be painful to leave, but I'm guessing that is what you guys are banking on. Sorry to be so harsh, but I believe this is justified.
Hi everyone, thank you for voicing your feedback here. I can see it is a highly important feature to everyone commenting here. At this point, I have no further updates to provide but we appreciate the additional ideas provided in your responses for implementing this.
I just wanted to start using Wave apps but will wait a bit until MFA is implemented before I share more personal information.
I'll watch this thread for updates on that.
I've been a happy Wave customer for years. In the last 6 months, I have switched everything to 2FA after some identity theft scares. That this company is not keeping up with security concerns and staunchly refuses to implement this safety measure is a deal-breaker. Starting the search for new accounting software. Such a bummer.
I'm in the process of complying with a recent security audit for my business. Lack of 2FA is an absolute deal breaker for me. I'm faced with the decision of failing to comply with the audit or immediately looking into migrating my business elsewhere.
I've happily used Wave for years and I've been fairly pleased both with the application and level of customer service. Honestly, it would be one thing if for whatever reason you did not have 2FA. 15 months of requests for the feature met by backpedaling and excuses is another.
The only sympathy I can muster for Wave on this issue is by grading on a curve; its been my experience that consumer security in the US banking industry has ranged from inadequate to shockingly incompetent for decades. Several of the largest consumer banks in the US do not have 2FA despite similar lipservice.
I'll be migrating as soon as I can arrange it to a comparable service offering 2FA. I'd be happy to come back when Wave takes the security of their customers in a less cavalier fashion.
Bump. I've been a Wave user for years but am finally incorporated and want to make full use of the accounting and other financial tools, not just making invoices. 2020 is already a few years late to implement 2FA but better late than never... Will sadly continue using Quickbooks Self-Employed in the meantime. Please give this the attention it deserves, it really is a deal-breaker.
Respectfully, in today's environment 2FA is pretty much table stakes for any kind of financial SAS application.
2FA is not rocket science to implement - there are zillions of examples of this pattern out there.
Please prioritize this necessary feature and provide an ETA to this community ASAP.
I've been silently waiting for this feature for over a year.
I really like Wave and don't want to have to start the process of looking at taking my business elsewhere because of something this silly. But I will if you guys can't get your minds wrapped around how incredibly important this is to your customers.
I've been looking for an alternative to Quickbooks. But lack of 2FA is deal breaker, QB is not free I wouldn't mind 2FA being a premium feature. But complete lack of 2FA means I have to look elsewhere...
Hey all, thank you for your continued feedback in this thread. At present, we still do not have any updates to give as far as the addition of 2FA within Wave. Thank you for your continued patience as we work to build Wave to be the best platform it can be for business owners like yourselves.
@ConnorM It's hard to believe you want us to use Wave for our "Business Debit Cards" but are in no rush to implement basic security features. Come on guys! This should be top priority!
@JamieD We are now getting offers to use wave as a "Business Debit Card", but you still don't have 2FA. You guys seriously need to rethink your priorities. Security first!
Would we be able to get an update regarding this? Has this been prioritized at all, on any roadmap? This is a critical feature that puts Wave in a minority of platforms that don't support this feature in regards to those that handle financial data like this.
At this time we have not heard of any updates regarding this. My apologies for delivering this news. I understand the demand for this and I wish I could offer an ETA at this time, but unfortunately we don't have an update. Keep posting here to generate more discussion!
At this time we have not heard of any updates regarding this. My apologies for delivering this news. I understand the demand for this and I wish I could offer an ETA at this time, but unfortunately we don't have an update. Keep posting here to generate more discussion!
I understand, that is quite unfortunate. If it is at all possible, I would be willing to provide my business accounts into a private beta if this feature becomes available through any channel. This is a high priority for those of us that look for that level of security.
A cloud financial app with no 2FA? I was going to use Wave, but I will have to go with a different product. Surprising in this day and age. Perhaps the H&R Block acquisition will help to accelerate the adoption of this feature.
It is very clear Wave has no intention to implement 2FA and that is a deal breaker for me.
I have already started to research for my new secure cloud based accounting platform to my surprise many free and low cost options are out there. The big question is, how secure are they.
Comments
...10months later and now acquired by H&R Block... but still no 2FA implementation. Time to seriously starting looking at the competitors (even though I think Wave is a great product).
I can't believe this isn't implemented already. It's HIGHLY irresponsible from any company having access to bank accounts to not have multiple factors of authentication implemented.
I won't use WaveApps as long as there's no 2FA or MFA (and not with just sms, it needs OTP and/or other forms) implemented and would advise anyone using Wave to stop using it and remove their bank accounts from there as long as it's not done.
It makes me wonder if they even have a bug bounty program or any security programs or plans in place... If not, then this accounting website must be swiss cheese to anyone willing to take a closer look security-wise.
We're talking about a platform that deals with financial records of both personal and businesses accounts. MFA/2FA should absolutely be a necessity to operate in this space. It is shocking to me this hasn't been prioritized higher.
I was looking to start doing personal accounting with waveapps and realized it would increase the amount of data available to the login by 10 fold. So I went to Profile > Password and looked for the two-factor option I knew had to be there.
It isn't. So i found this thread. I'm in agreement with the other folks here. It is not really acceptable for a web SaaS that integrates with banks and can perform payments to not offer two factor authentication.
This should really be required by law, but given regulation is slow--waveapps should do the right thing and add this relatively simple feature.
Finally, I'd presume that the waveapps employees in this thread are required to use 2FA for many of their own accounts--especially those for the company. How can this feature be denied without some kind of explanation for why it is being held back? What could be higher priority than user account security?
Security of records is of the utmost importance, I agree this should be very high priority.
Ditto--especially to the last post, as it expresses my exact situation, and it is truly staggering to hear the assertion from Wave folks that it simply won't be added.
If the problem is that the solutions you are considering cost money per successful auth, and you don't want to bear that for free account holders, then at least offer it as an option where WE must bear the cost. I would happily pay it, which should be pennies per successful auth. It is, for instance, with Authy, which charges 9 cents per successful authentication.
Many of us may not login that often anyway, so it would be a VERY small price to pay for greater security! Or if it seems pay-per-use won't fly, offer a fixed price add-on that offers 2FA for wave logins as a monthly cost. Sure, you may "lose" some with those who login often, but you may well profit from the balance of users who don't.
2FA has no costs other than the programmer's hours to integrate it. It is quite alarming this is not built into the authentication functions for storing some pretty sensitive data. If someone jacks your cookie, they can take over your session and login easily.
I've been a customer for a while and I've been nervously waiting for this to be released. Today, I finally found this thread and I am at a loss for words to understand why this isn't priority number one. I can't think of one feature that would be more important than this. It's incredibly irresponsible. I suppose it's also irresponsible for me to continue using your product. This leads me to believe that protecting customer data isn't really that important to Wave Financial. This thread started in 2018 for goodness sakes! Come on! Your dev teams should drop all your cool new feature plans and do this immediately. It would certainly be painful to leave, but I'm guessing that is what you guys are banking on. Sorry to be so harsh, but I believe this is justified.
Hi everyone, thank you for voicing your feedback here. I can see it is a highly important feature to everyone commenting here. At this point, I have no further updates to provide but we appreciate the additional ideas provided in your responses for implementing this.
I just wanted to start using Wave apps but will wait a bit until MFA is implemented before I share more personal information.
I'll watch this thread for updates on that.
ETA for 2FA Please!
Nuff said.
EmmaP, this thread won't age well if you have a security incident.
I've been a happy Wave customer for years. In the last 6 months, I have switched everything to 2FA after some identity theft scares. That this company is not keeping up with security concerns and staunchly refuses to implement this safety measure is a deal-breaker. Starting the search for new accounting software. Such a bummer.
I'm in the process of complying with a recent security audit for my business. Lack of 2FA is an absolute deal breaker for me. I'm faced with the decision of failing to comply with the audit or immediately looking into migrating my business elsewhere.
I've happily used Wave for years and I've been fairly pleased both with the application and level of customer service. Honestly, it would be one thing if for whatever reason you did not have 2FA. 15 months of requests for the feature met by backpedaling and excuses is another.
The only sympathy I can muster for Wave on this issue is by grading on a curve; its been my experience that consumer security in the US banking industry has ranged from inadequate to shockingly incompetent for decades. Several of the largest consumer banks in the US do not have 2FA despite similar lipservice.
I'll be migrating as soon as I can arrange it to a comparable service offering 2FA. I'd be happy to come back when Wave takes the security of their customers in a less cavalier fashion.
Seconding push for 2FA!
Bump. I've been a Wave user for years but am finally incorporated and want to make full use of the accounting and other financial tools, not just making invoices. 2020 is already a few years late to implement 2FA but better late than never... Will sadly continue using Quickbooks Self-Employed in the meantime. Please give this the attention it deserves, it really is a deal-breaker.
Respectfully, in today's environment 2FA is pretty much table stakes for any kind of financial SAS application.
2FA is not rocket science to implement - there are zillions of examples of this pattern out there.
Please prioritize this necessary feature and provide an ETA to this community ASAP.
I've been silently waiting for this feature for over a year.
I really like Wave and don't want to have to start the process of looking at taking my business elsewhere because of something this silly. But I will if you guys can't get your minds wrapped around how incredibly important this is to your customers.
Thanks
I've been looking for an alternative to Quickbooks. But lack of 2FA is deal breaker, QB is not free I wouldn't mind 2FA being a premium feature. But complete lack of 2FA means I have to look elsewhere...
Hey all, thank you for your continued feedback in this thread. At present, we still do not have any updates to give as far as the addition of 2FA within Wave. Thank you for your continued patience as we work to build Wave to be the best platform it can be for business owners like yourselves.
@ConnorM It's hard to believe you want us to use Wave for our "Business Debit Cards" but are in no rush to implement basic security features. Come on guys! This should be top priority!
@JamieD We are now getting offers to use wave as a "Business Debit Card", but you still don't have 2FA. You guys seriously need to rethink your priorities. Security first!
Would we be able to get an update regarding this? Has this been prioritized at all, on any roadmap? This is a critical feature that puts Wave in a minority of platforms that don't support this feature in regards to those that handle financial data like this.
Hey @ocxually
At this time we have not heard of any updates regarding this. My apologies for delivering this news. I understand the demand for this and I wish I could offer an ETA at this time, but unfortunately we don't have an update. Keep posting here to generate more discussion!
I understand, that is quite unfortunate. If it is at all possible, I would be willing to provide my business accounts into a private beta if this feature becomes available through any channel. This is a high priority for those of us that look for that level of security.
A cloud financial app with no 2FA? I was going to use Wave, but I will have to go with a different product. Surprising in this day and age. Perhaps the H&R Block acquisition will help to accelerate the adoption of this feature.
It is very clear Wave has no intention to implement 2FA and that is a deal breaker for me.
I have already started to research for my new secure cloud based accounting platform to my surprise many free and low cost options are out there. The big question is, how secure are they.