Two Factor Authentication (2fa) Support
Please offer two factor authentication or Two Factor Authentication (2FA) support for SplitWise.
Thanks for suggesting this! I’ll leave this under review for now.
We do currently include support for a passcode/fingerprint lock on our mobile apps.
I second this like every other users in the comments.
Like Marian, I also noticed the issue about this subdomain being served only via HTTP. I sent a separate request to the support about this.
These two "issues" aren't doing any favor to Splitwise and encourage me to look further for alternatives.
Please consider this a requirement if I am to consider paying for your service, especially since it involves records of financial transactions.
2FA/MFA is one of the easiest methods to strongly secure user accounts, ideally through the use of a 2FA/MFA app rather than simply SMS. The importance of this feature really cannot be overstated, and the fact that this is being 'considered' for three years does not inspire much confidence in me.
To be fair, I think the service is useful and would like to encourage its use, however as a security professional I have strong concerns about this missing feature.
Additionally, it also appears that the feedback.splitwise.com subdomain is served only via HTTP and should be secured with an SSL/TLS certificate.
Thank you kindly for your consideration
Is there any news about this now ?
Would really appreciate it if we could set up a 2FA app alongside the password
No SMS provider needed as most people have a 2FA code generator now
please. passcode fingerprint is not the same how out of touch can you be with users?
Has this been considered further? Any respectable app in 2020 that handles sensitive information should have 2FA as an option.
Please implement this soon..the street signs are getting really annoying.
Yes, since this app handles financial information, I'm also hoping this will be implemented soon. And as others have mentioned, please let us use an authenticator app since SMS is not as secure. A security key option would also be great.
a security vigilante commented
passcode/fingerprint ? how about basic sms or time based otp ? under review, seriously ?
You expect your customers to write here highly confidential information including financial, location even details of hotel names and dates without proper security measures ?
your security posture and awareness does not give any hope for your backend.
I would like to be enable 2 factor authentication and possibly use an app to generate the code, because I entrust Splitwise with highly sensitive financial information.
Fernando Carletti commented
That would be awesome! Waiting for it. It should be there already since it is an app that handles finances.