Duda Multi-Factor Authentication

Options

This has been discussed a while back on the Facebook groups and I know it's in the 'backlog' on the ideas board (I've voted for it) but I'd like to raise it here also. Is there any intention of adding Multi-factor Authentication ability to Duda logins? I assume because it's in the backlog if there is it's not in the near future.

I know that it's currently possible if you go the route of using a Google account rather than using the email address method to create the account but that's a workaround, not a solution as it locks off an account option and instead forces the need for everyone to have a Google Account.

There are constantly reports in the news of sites and SaaS systems being compromised. Having MFA available whilst not a magic bullet would go a long way to making Duda more secure 'and appealing' (Other platforms like Squarespace and Wix have it).

Yes, nothing has happened but I feel that's likely a 'yet'. If a client's account password is able to be accessed via phishing or other means then their site could be compromised. If one of our agency account passwords is compromised then all of our clients' websites could be compromised which is a scary thought as we move more clients over to Duda.

I hope that security features like MFA are constantly being worked on and the ideas board isn't a popularity contest because boring but important functions could be overlooked for the pretty new thing.

I really like Duda, its flexibility and ability to quickly get sites up and running. The addition of Flex has certainly added to that. I just want to be sure that we're not heading for a possible future disaster.

Comments

  • Aj_Cre8
    Aj_Cre8 Member Posts: 673 MVP
    Options

    Great points to bring up @Alastair_Manning. For reference to anyone who is interested in voting here is the link to the Idea.

    You will see that this idea is in the Backlog. Meaning Duda will implement it, they just don't know when. Maybe we can get some official info from Duda on this post @Sheyla.

  • Alastair_Manning
    Alastair_Manning Member Posts: 24
    Options

    Hi @Sheyla just following up on Aj's post to see if you have any official info on this?

  • community_manager
    community_manager Administrator, Moderator Posts: 301 Duda Staff
    Options

    Hi @Alastair_Manning

    I wanted to drop a quick update here - as @Aj_Pfeil mentioned, this feature is currently in Backlog.

    Once we have more information or the development status changes, I'll be sure to let you know!

  • Mark_Nichols
    Mark_Nichols Member Posts: 1
    Options

    I really need this feature to move forward with some clients. Almost every other platform has MFA and it is sad that I can't answer these security questions when talking to a client about doing their website.

    Do we have any update at all on this?

  • Alastair_Manning
    Alastair_Manning Member Posts: 24
    edited June 2023
    Options

    I'm being asked again by our technical director where this is at also. As recently there has been an article in our local news 'Newsroom website victim of IT security issue - fake article published under byline of prominent editor'. Not a Duda site but that's not the point. Really surprised that this doesn't appear to be seen as a priority by Duda. @community_manager any update considering Amir said it was important in a Dudacon video over a year ago now! https://www.youtube.com/live/98GKeGcsvgA?feature=share&t=4818