No password, no problem! Retiring passwords and introducing magic links



  • cam
    cam Expensify Customer Posts: 4 Expensify Newcomer

    I guess Expensify are just assuming we'll all give in and this pathetic system will be normalised. Completely disgusting response to customer concerns.

  • era428
    era428 Expensify Customer Posts: 1

    Worst idea ever. this has made using the app a PITA

  • TheTransplant
    TheTransplant Expensify Customer Posts: 1

    Adding my voice to this.

    1) Who decided that this was a good option - were the users involved? The first post looks like it was a unilateral decision?

    2) I practice inbox zero and abhor email. No option to get a text code? Faster and on Mac very convenient.

    3) No use of Apple, Google or other unified login to avoid this annoyance?

    However, it doesn't matter anyway as I have to use Expensify as mandated by the company, and perhaps you know that?

  • NaomiC
    NaomiC Approved! Accountant Posts: 1
    edited August 2023

    I agree with all of the above

    My prior work flow:

    1) click on password manager & type "expensify" <PWD manager goes to expensify & logs me in>

    2) Enter MFA from phone.


    1) click on password manager & type "expensify" <PWD manager goes to expensify & enters my email>

    2) Switch tabs & go to email

    3) Open email & copy number

    4) switch tabs back to Expensify, paste number

    5) Enter MFA from phone

    To some, the extra steps for getting a code from email may seem like not a big deal. To our staff who already are hesitant on doing expense reports...?? Well... let's just say

    "Expense reports that don't suck" just became "This sucks. Not doing it"

  • turbo2ltr
    turbo2ltr Expensify Customer Posts: 2 Expensify Newcomer

    "Our focus is protecting your Expensify account. It’s essential to lock your devices and use multi-authentication measures wherever possible. "

    So what you are saying is Expensify is abdicating security of Expensify accounts, telling us to use the industry standard security practices on our email, instead of doing the work and building their platform with an industry standard solution themselves. Got it. Makes perfect sense. "Oh your Expensify account was compromised? Sorry, I guess your IT people didn't secure your email using proper methods"

    I think this should be nominated for the worst security policy decision ever.

  • bengber
    bengber Expensify Customer Posts: 3 Expensify Newcomer
    edited September 2023

    Another vote for bringing back password authentication. I have no objection if 2FA is required, but the current solution is problematic.

  • corbin
    corbin Expensify Customer Posts: 1

    Please bring back the password. The magic code system is terrible, for many many reasons (security being a big one).

    Thanks, Corbin Dunn (Software Engineer)