Fix 2FA to be mandatory - Secure our data pls
Hi Zendesk,
I have requested a conversation directly with your IT Security or Enterprise architecture team. Please have them contact me directly.
2FA has been poorly implemented. Business software should not permit users to have control over whether to use 2FA each login or not. That is a decision of each company administrator.
Will Zendesk re-consider and take action on this yourselves?
A very simple fix - provide admin the ability to set default on user ability to disable any trust by user to their device for 30 days. Hence permit admin to lock this as "None" so that the sessions will expire as per the other 2FA settings.
It is interesting that Zendesk think of IT security as simply a 'feature' and not a mandatory component. Users will never upvote IT security in comparison to bells n whistles features.... right now there is extreme risk to being hacked or otherwise breached.
Right now the implementation provides some misleading assurance of being secure and using sessions. The current implementation does leave Zendesk open to potential legal action I would believe should Personally Identifying (PI) or sensitive data be stolen via a breach.
This would be straight-forward to remediate by implementing the common design that permits admin to enforce 2FA.
Please note that as a very small company we do not have intention or capability to implement SSO. However we do have copies of PI and possibly sensitive information within our tickets and we do take information security seriously and would like to see Zendesk make an uplift here to properly secure your 2FA design - for everyone's benefit.
I'd like to see Zendesk take the lead here.
There have been other requests on this same question for 12 months without action. Please do not leave IT Security for a popular up-vote before acting.
It is so important.
Regards,
Troy
-
First off, thanks a ton for your feedback. I am Product Manager for Authentication and have taken over from Caroline :) I saw you commented on this thread too https://support.zendesk.com/hc/en-us/community/posts/4408868399386-Hide-the-dialog-box-when-2-Factor-authentication I want to acknowledge that your inputs are valid and your request is under consideration, we are planning to invest in 2FA feature in the next year and I will add this feature request. If you want to chat further I can send you a Zoom invite, let me know. Thanks again for your feedback and happy holidays!
-
Hello Barkha,
I emailed straight back, but perhaps it didn't get through. Yes - please setup the zoom. I understand you're the PM. I would certainly appreciate any attendance with us from IT Security or Architecture within the discussion.
Please let's communicate moving forwards not via a public forum.
Regards,
Please sign in to leave a comment.
2 Comments