Two Factor Auth for web app


#1

Now that we have video viewing on the web, it would be great (and more secure) if Canary would implement two factor auth for the web portal. Would be great if you could integrate with the various apps already out there (Duo, etc) but SMS codes would at least be a good start (even if SMS is no longer considered the best option).


Data Privacy: two-factor authentication
#2

Definitely a fan of this idea myself! I too would love to see two-factor be an option for the web-access!


#3

I think it is disturbing that a company that sells security products — and therefore should have security considerations foremost in their thinking — would need to have a community vote in order to make 2FA happen. Especially in this day and age.

Perhaps I’m being paranoid, but it gets me wondering about other security-oriented design decisions they made.

I think my future mode of operation will be to unplug my Canary device when I am home, and only plug it in when I will be going out for an extended period of time – at least until they implement some form of 2FA.


#4

Just logged into the web app for the first time in a long time… absolutely agree that two-factor would go a long way in confidence that unauthorized users are not getting access.

A bit of a feature enhancement that goes hand-in-hand with MFA would be viewing active sessions across various devices and providing the ability to terminate a session for a device to force a login (hopefully with MFA). You can see this executed well with Google and Facebook who allow you to see the devices logged into the account and when they were most recently active.

Also this topic by @Chirp is asking for the same thing and can likely be rolled in here.


#5

Personal data is important. No matter how encrypted it is, if it is only protected by a password, then it isn’t very secure.

Requesting that Canary would add two-factor authentication and/or google authenticator to the account login process.


#6

I think this is worth combining with similar topic here: Two Factor Auth for web app and broadening to the entire login process.


#7

Thanks for the suggestion, I am merging the topics now!


#8

I’m surprised this isn’t an option for the Web portal especially as Canary Community accounts provide two factor support. Please implement this feature Canary.


#9

SMS is no longer considered a secure method of two-factor authentication. App-based TOTP and U2F security keys should be available as potential options. I also think 2FA should apply to logging into the app on a cell phone, too.

Related:
each family member on an account should have their own 2FA methods defined
the owner of the account should have the ability to enforce/require 2FA for all family members who are granted access


#10

Agreed! My ex-boyfriend was helping me with setup of my Canary view. He had logged into my account on his phone and apparently my login information automatically saved to his device. I totally forgot about it and realized later that he had total access to viewing everything from the time it was setup until about a month later when I changed my password! I would love to see a functionality that would allow the user to see all active sessions across any devices that are currently accessing the Canary. And, it would be even better if the user could force terminate any unauthorized sessions (only the administrator should have such rights). At minimum though, two factor authentication is a must have for users accessing their account via the mobile app and the web.