I would like to request that two-factor authentication (2FA) be implemented on the Netlify platform. To be specific, I’d like to request time-based one-time passwords (TOTP) through an application like Google Authenticator as well as U2F hardware tokens such as YubiKey and similar. 2FA through SMS is no longer considered a secure form of 2FA.
Netlify has control of some seriously important things, so protecting your account should require more than a standard password.
Please let me know what you think and if it is already in the roadmap.
We’ve got it in our feature request list to add that if you’re signing up to Netlify with the email/password combo.
For now, though, we recommend that if you need 2FA then sign up to Netlify with your Google or GitHub account and enable hardware-specific 2FA on those instead, and that’ll grant you the equivalent level of protection.
We’ll let you know if we implement something like that - we do have an open feature request on it and will add this thread to the list of folks to notify if things change around our implementation.
@nraboy I’m with you, but I figured I’ve already authorised Netlify with GitHub and GitHub has U2F, so I deleted my Netlify account and re-signed up using my GitHub account. Note that you can change your Netlify email address having done that.
I don’t want to use my GitHub or Google account, as I like to keep all my accounts separate too, like @nraboy, in case one is compromised, for extra privacy, and to avoid an extra dependency. I want to be free to delete any account I have anytime without compromising any others.
Thanks for commenting on this. We know this is a desirable feature for many different reasons. I have added your voice to the chorus on the issue, @danielrlc!
Hey @Wdotis, I don’t have any updates at the moment, I’m afraid, but I did mention that there is still a strong interest in this being implemented on the relevant issue. I’ll absolutely update this thread when we get any news. Thanks for your patience.
+1 I’d like to also voice my strong support for 2-factor on email+pass accounts. My email account is more secure than my GitHub/GitLab/BitBucket accounts, so it’s a shame that I can’t use 2-factor with it.
Netlify is the last major service I still use that doesn’t support 2-factor natively.
I just tested this (by installing Microsoft Authenticator on my phone and enabling 2FA on one of my Netlify accounts) and was able to get it working no problem! Doesn’t mean I don’t believe it’s happening to you, but maybe it is something specific to your phone or your account?
Are you able to log in via a different 2FA device? Are you able to log in to your Netlify account or are you logged out with no access? Let us know and we can keep troubleshooting.