We're experiencing abnormally high support volume that has created a backlog delaying our responsiveness. Please visit our status page for more details and to subscribe to updates.
Does Expensify have any plans to enable Two-factor authentication?
jbaxter
Posts: 55Approved! Accountant Expensify Admirer
Security is always a focus for us, especially anything to do with payments.
Has Expensify considered adding this as a feature?
Best Answer
-
Conor Pendergrast
Posts: 84 Expensify Team
Hey Jodie, thanks for the added context! This isn't something that we're explicitly looking at for now.
On the assumption that your group is typically managing reimbursement through Expensify (on behalf of your clients), I'd suggest that it's worth the first step of looking at implementing an SSO tool internally. That'll control for the the most important risk, and make sure that your own accounts are not compromised here (and can't be used to reimbursed reports improperly)
Answers
Hey Jodie, happy Monday to you! Does Lumina use a single sign-on product like OneLogin, Okta or Google SAML?
That's how our more security-minded and enterprise/ public customers enforce additional layers of security requirements across multiple products (including Expensify), including multi-factor authentication
- Spam
- Abuse
- Report
0 · Off Topic Insightful Vote Up AwesomeHi @Conor Pendergrast Thanks for the response. The company I work for is an outsourced accounting group. As our clients are external, enabling SSO is out of our control.
- Spam
- Abuse
- Report
0 · Off Topic Insightful Vote Up AwesomeWe were recently hacked by a group in China. We must close every door possible. There is nothing comparable to the security and the ease of use provided by multi-factor authentication. If Expensify chooses not to offer this security, we will have to look other places for this service.
- Spam
- Abuse
- Report
0 · Off Topic Insightful Vote Up AwesomeHi @mdtomerlin, thanks for joining the Community and taking the time to share on this thread.
I'm happy to say that we're currently working on adding native multi-factor authentication, and once it's released we'll be sure to update the Product Updates category here in the Community!
The best alternative in the meantime, is to make use of any SAML integration and their own native multi-factor authentication. By making SAML required for login for all users on your domain, you can easily restrict access to users controlled by your internal IT team.
Cheers!
- Spam
- Abuse
- Report
1 · Off Topic Insightful Vote Up 1AwesomeAny update on the two-factor authentication front? I'm actually very surprised this isn't a feature in Expensify yet. I would love to if there are any updates on when users can expect this feature?
- Spam
- Abuse
- Report
0 · Off Topic Insightful Vote Up AwesomeNo update as of yet, @schiweck as I'm sure you can also understand that it's a complex piece of engineering that requires absolute attention to detail...but you'll know as soon as we've posted about it in Product Updates, like Sheena mentioned!
- Spam
- Abuse
- Report
0 · Off Topic Insightful Vote Up AwesomeNew Expensify user here. Have my Fidelity account set up for 2FA, so Expensify won't connect. Seems like a stretch to ask your customers to reduce their security for all devices, logins, and software just to do an Expensify direct deposit. Is there an alternative within Expensify?
- Spam
- Abuse
- Report
0 · Off Topic Insightful Vote Up AwesomeHi @RonR, not at this stage! We'll keep this thread posted though 😊
- Spam
- Abuse
- Report
0 · Off Topic Insightful Vote Up Awesome