Now that we have video viewing on the web, it would be great (and more secure) if Canary would implement two factor auth for the web portal. Would be great if you could integrate with the various apps already out there (Duo, etc) but SMS codes would at least be a good start (even if SMS is no longer considered the best option).
Definitely a fan of this idea myself! I too would love to see two-factor be an option for the web-access!
I think it is disturbing that a company that sells security products — and therefore should have security considerations foremost in their thinking — would need to have a community vote in order to make 2FA happen. Especially in this day and age.
Perhaps I’m being paranoid, but it gets me wondering about other security-oriented design decisions they made.
I think my future mode of operation will be to unplug my Canary device when I am home, and only plug it in when I will be going out for an extended period of time – at least until they implement some form of 2FA.
Just logged into the web app for the first time in a long time… absolutely agree that two-factor would go a long way in confidence that unauthorized users are not getting access.
A bit of a feature enhancement that goes hand-in-hand with MFA would be viewing active sessions across various devices and providing the ability to terminate a session for a device to force a login (hopefully with MFA). You can see this executed well with Google and Facebook who allow you to see the devices logged into the account and when they were most recently active.
Personal data is important. No matter how encrypted it is, if it is only protected by a password, then it isn’t very secure.
Requesting that Canary would add two-factor authentication and/or google authenticator to the account login process.
I think this is worth combining with similar topic here: Two Factor Auth for web app and broadening to the entire login process.
Thanks for the suggestion, I am merging the topics now!