No password, no problem! Retiring passwords and introducing magic links
Comments
-
I guess Expensify are just assuming we'll all give in and this pathetic system will be normalised. Completely disgusting response to customer concerns.
-
Worst idea ever. This has made using the app a PITA.
-
Adding my voice to this.
1) Who decided that this was a good option - were the users involved? The first post looks like it was a unilateral decision?
2) I practice inbox zero and abhor email. No option to get a text code? Faster and on Mac very convenient.
3) No use of Apple, Google or other unified login to avoid this annoyance?
However, it doesn't matter anyway as I have to use Expensify as mandated by the company, and perhaps you know that?
-
I agree with all of the above.
My prior workflow:
1) click on password manager & type "expensify" <PWD manager goes to expensify & logs me in>
2) Enter MFA from phone.
Now:
1) click on password manager & type "expensify" <PWD manager goes to expensify & enters my email>
2) Switch tabs & go to email
3) Open email & copy number
4) Switch tabs back to Expensify, paste number
5) Enter MFA from phone
To some, the extra steps for getting a code from email may seem like not a big deal. To our staff who already are hesitant on doing expense reports...?? Well... let's just say
"Expense reports that don't suck" just became "This sucks. Not doing it"
-
"Our focus is protecting your Expensify account. It’s essential to lock your devices and use multi-authentication measures wherever possible. "
So what you are saying is Expensify is abdicating security of Expensify accounts, telling us to use the industry standard security practices on our email, instead of doing the work and building their platform with an industry standard solution themselves. Got it. Makes perfect sense. "Oh your Expensify account was compromised? Sorry, I guess your IT people didn't secure your email using proper methods"
I think this should be nominated for the worst security policy decision ever.
-
Another vote for bringing back password authentication. I have no objection if 2FA is required, but the current solution is problematic.