2FA/MFA for the Console
The Neon console doesn't have 2FA for logins; just the password is enough, which in my opinion is a huge vulnerability, because nowadays leaks and hacks happen all the time (both on hosted services and on user machines), so all crucial systems must have at least 2FA options, or ideally multiple, to help mitigate.
The database, being the most important asset of a system by holding personal, business and operational data, should also provide safe authentication.
From what I saw Neon Auth also doesn't have 2FA for app users. That should be in the backlog as well, but I think protecting the actual console is even more important to work on. Would love to know if it's in consideration, planned or being developed! Cheers
7 Replies
yappiest-sapphireOP•2w ago
This was first requested/suggested almost two years ago, guys...
https://discord.com/channels/1176467419317940276/1182844778417750079
flat-fuchsia•2w ago
Hey!
Indeed this has been asked for before, but typically we recommend enforcing 2FA using an OAuth provider instead. So, signing in with Google and having some form of 2FA on your Google account instead.
yappiest-sapphireOP•2w ago
This is not enough, because we log in with email only.
You guys should be the enforcer of 2FA.
Do you understand the product need?
flat-fuchsia•2w ago
We always appreciate the feedback, and our roadmap is very much demand-based. I'll add this thread to our feature request doc to strengthen this request, along with the others.
yappiest-sapphireOP•2w ago
I just think it's such a basic security feature that you guys should not have to wait for people to ask.
It's like building a food delivery app without the option to track the courier: you shouldn't need users to ask for it, you provide it from the start or early on 'cause it's important. The analogy applies to database platforms; reinforced security should be default.
You could argue that everyone has a definition of basic and default, but for security it's more generalized. Everybody has that demand, they just don't say it out loud.
Appreciate any love you could give to this.
fair-rose•2w ago
+2 for this, would be more secure for production deployments.
flat-fuchsia•2w ago
I'll add your +1 to the document as well, thank you for your input!