Please add 2FA capabilities to the Rachio account/controller/app.
If you do, please don’t make it mandatory. Especially if authentication apps are not supported (as in 2fa via text / email only). And please, please, please don’t add a nagging screen asking for 2fa to be activated on the accounts who choose not to do so.
Sorry, sore subject for me. I prefer random, secure, dedicated email & password for each account, generated / managed by a good password manager. Having 99+ unread sms messages due to 2fa keys I’m forced to use is slowly getting under my skin. I can’t tell if I’ve missed a message from someone, just because I don’t go through the trouble of actually clicking on each, and every, 2fa message I get. I use the code from preview and the phone is dumb enough not to realize I’m done with it.
Sorry for a rant. Somewhat of a sore subject for me.
I agree with @Gene . Even if 2FA is enabled, it should be possible for the rightful owner to access the account from a web browser anywhere in the world, without having access to a specific mobile device. Possibilities include alternate 2FA mechanisms such as email or answering security questions.
I agree, this is needed for security, The key to make usable is to support standard authenticator apps. SMS / text messages are no longer secure as a second factor so please don’t implement SMS.
I’d say mirror and implement what this community forum has for 2FA; I use an authenticator app.
Right. That’ll do nicely.
+1 for MFA (Personally I prefer Authenticator apps)
However, there needs to be a way to preauthorize 3rd party app integration.
I have to keep MFA disabled on some things as once enabled it no longer integrates with our home automation software due to a lack of preauthorization options. With MFA enabled on Rachio and no way to preauth it would likely break my HomeSeer integration.
Microsoft “app passwords” is one of a few examples of how to do this.
Agreed, the app-specific password approach is probably the most suitable for Rachio.
It’s a pretty big deal to have some additional controls on Rachio. Security breaches have the potential to quite expensive and problematic.