Does Expensify have any plans to enable Two-factor authentication?
jbaxter
Posts: 42 Expensify Admirer
Security is always a focus for us, especially anything to do with payments.
Has Expensify considered adding this as a feature?
Best Answer
-
Conor Pendergrast
Posts: 58 Expensify Success Coach
Hey Jodie, thanks for the added context! This isn't something that we're explicitly looking at for now.
On the assumption that your group is typically managing reimbursement through Expensify (on behalf of your clients), I'd suggest that it's worth the first step of looking at implementing an SSO tool internally. That'll control for the the most important risk, and make sure that your own accounts are not compromised here (and can't be used to reimbursed reports improperly)
Answers
Hey Jodie, happy Monday to you! Does Lumina use a single sign-on product like OneLogin, Okta or Google SAML?
That's how our more security-minded and enterprise/ public customers enforce additional layers of security requirements across multiple products (including Expensify), including multi-factor authentication
- Spam
- Abuse
- Report
0 · Off Topic Insightful Vote Up AwesomeHi @Conor Pendergrast Thanks for the response. The company I work for is an outsourced accounting group. As our clients are external, enabling SSO is out of our control.
- Spam
- Abuse
- Report
0 · Off Topic Insightful Vote Up AwesomeWe were recently hacked by a group in China. We must close every door possible. There is nothing comparable to the security and the ease of use provided by multi-factor authentication. If Expensify chooses not to offer this security, we will have to look other places for this service.
- Spam
- Abuse
- Report
0 · Off Topic Insightful Vote Up AwesomeHi @mdtomerlin, thanks for joining the Community and taking the time to share on this thread.
I'm happy to say that we're currently working on adding native multi-factor authentication, and once it's released we'll be sure to update the Product Updates category here in the Community!
The best alternative in the meantime, is to make use of any SAML integration and their own native multi-factor authentication. By making SAML required for login for all users on your domain, you can easily restrict access to users controlled by your internal IT team.
Cheers!
- Spam
- Abuse
- Report
1 · Off Topic Insightful Vote Up 1Awesome