Concern Regarding the "Don't ask again for this computer for 30 days" Option

Planned


Posted Dec 27, 2024

Dear Zendesk Team,

I would like to raise a concern regarding the authentication feature in Zendesk that allows users to select "Don't ask again for this computer for 30 days."

While I understand that this functionality is designed to improve user convenience, it introduces significant security risks, particularly in corporate environments where security must be a top priority.

  1. Reduced Effectiveness of Two-Factor Authentication (2FA):
    This option bypasses the second factor of authentication for an extended period, effectively downgrading 2FA to password-only authentication during that time. This significantly undermines the security purpose of 2FA, which is intended to protect against risks such as phishing or credential theft.
  2. Risk from Compromised Devices:
    If a device is shared, stolen, or accessed improperly, attackers can easily bypass the additional protection offered by 2FA. The locally stored token or cookie used to "remember" the device can be exploited if compromised, potentially exposing associated accounts.
  3. Impact on Compliance and Security Policies:
    Organizations adhering to strict data protection regulations or security policies may find it challenging to justify the use of this feature, as it undermines the principles of multi-factor authentication.

Recommendations:

  • Enable administrators to disable this option at the account level, enhancing security for organizations with stringent policies.
  • Reduce the "remember me" period to a more secure timeframe, such as 7 days, or implement periodic reconfirmation of credentials.
  • Provide logging or alerts in the Security Center when users utilize this option, offering greater control and visibility for administrators.

Thank you for your attention to this matter. I would appreciate understanding what measures might be implemented to enhance the security of this feature.

Best regards,
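
As an added illustration (not part of the original post and not Zendesk's code), here is one way a server could apply the post's three recommendations to a remembered-device cookie: an admin switch, a configurable lifetime, and an audit record for every decision. The token layout, policy keys, revocation list and function names are assumptions made for the example.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value; a real service uses a managed secret


def _mac(body: str) -> str:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id: str, device_id: str, now: float) -> str:
    """Build the remembered-device cookie: user|device|issued_at|mac (ids must not contain '|')."""
    body = f"{user_id}|{device_id}|{int(now)}"
    return f"{body}|{_mac(body)}"


def may_skip_second_factor(token, user_id, policy, now, audit):
    """Return True only if policy allows the second factor to be skipped for this login."""
    def decide(ok, reason):
        # Every decision is recorded so administrators can see when 2FA was skipped.
        audit.append({"user": user_id, "skip_2fa": ok, "reason": reason})
        return ok

    if not policy["allow_remember_device"]:       # account-level admin switch
        return decide(False, "disabled_by_admin")
    parts = token.split("|")
    if len(parts) != 4:
        return decide(False, "malformed")
    tok_user, device, issued, mac = parts
    expected = _mac(f"{tok_user}|{device}|{issued}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return decide(False, "bad_signature")     # cookie was edited or forged
    if tok_user != user_id:
        return decide(False, "wrong_user")
    if device in policy["revoked_devices"]:       # e.g. a laptop reported stolen
        return decide(False, "device_revoked")
    age = now - int(issued)                       # issued is trusted only after the MAC check
    if age < 0 or age > policy["max_age_days"] * 86400:
        return decide(False, "expired")           # lifetime is enforced server-side
    return decide(True, "remembered_device")
```

Because the lifetime is checked on the server against the signed issue time, lowering `max_age_days` from 30 to 7 takes effect immediately for cookies that were already issued.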


2 comments

Emily Reidy

Community Product Feedback Specialist

Hey Vinicius,
 
Thank you for taking the time to provide us with your feedback. This has been logged for our PM team to review. For others who may be interested in this feature request, please add your support by upvoting this post and/or adding your use case to the comments below. Thank you again!

Caroline Kello

Zendesk Product Manager

Hey Vinicius - I completely agree with you and we have plans to address this setting this year. Appreciate you taking the time to leave such detailed feedback. 
