Troy Johnston

Joined 22 Oct 2021 · Last activity 23 Mar 2023

Following: 0 · Followers: 0 · Total activity: 28 · Votes: 9 · Subscriptions: 11

ACTIVITY OVERVIEW

Latest activity by Troy Johnston

Troy Johnston added a comment,

Community comment: Feedback - Ticketing system (Support)

Salvador Vazquez Please can we re-issue your update without the jargon to ensure all parties internationally are understanding you.

EAP?  Extensible Authentication Protocol? - can't see relevance

Some may not understand GA.

H2?  Please provide month or date.  Sorry this must be a US terminology.

Please lift your game Zendesk.  People have been waiting a long time for this obvious weakness.  Clear commitment and communication is what we seek.

Edited 23 Mar 2023 · Troy Johnston · 0 followers · 2 votes · 0 comments


Troy Johnston added a comment,

Community comment: Feedback - Ticketing system (Support)

Hello Barkha,

I emailed straight back, but perhaps it didn't get through.  Yes - please set up the Zoom.  I understand you're the PM.  I would certainly appreciate any attendance with us from IT Security or Architecture within the discussion.

Please let's communicate moving forwards not via a public forum.

Regards,

Published 28 Dec 2022 · Troy Johnston · 0 followers · 0 votes · 0 comments


Troy Johnston created a post,

Post: Feedback - Ticketing system (Support)

Hi Zendesk,

I have requested a conversation directly with your IT Security or Enterprise architecture team.  Please have them contact me directly.

2FA has been poorly implemented.  Business software should not permit users to have control over whether to use 2FA each login or not.  That is a decision of each company administrator.

Will Zendesk re-consider and take action on this yourselves?  

 

A very simple fix - provide admin the ability to set default on user ability to disable any trust by user to their device for 30 days.  Hence permit admin to lock this as "None" so that the sessions will expire as per the other 2FA settings.

It is interesting that Zendesk think of IT security as simply a 'feature' and not a mandatory component.  Users will never upvote IT security in comparison to bells n whistles features.... right now there is extreme risk to being hacked or otherwise breached.

Right now the implementation provides some misleading assurance of being secure and using sessions.  The current implementation does leave Zendesk open to potential legal action I would believe should Personally Identifying (PI) or sensitive data be stolen via a breach.

This would be straight-forward to remediate by implementing the common design that permits admin to enforce 2FA.

Please note that as a very small company we do not have intention or capability to implement SSO.  However we do have copies of PI and possibly sensitive information within our tickets and we do take information security seriously and would like to see Zendesk make an uplift here to properly secure your 2FA design - for everyone's benefit.

I'd like to see Zendesk take the lead here.

There have been other requests on this same question for 12 months without action.  Please do not leave IT Security for a popular up-vote before acting.

It is so important.

Regards,
Troy

Published 18 Dec 2022 · Troy Johnston · 2 followers · 4 votes · 2 comments


Troy Johnston added a comment,

Community comment: Feedback - Ticketing system (Support)

Hi Caroline,

It is interesting that Zendesk think of IT security as simply a 'feature' and not a mandatory component.  Users will never upvote IT security in comparison to bells n whistles features.... right now there is extreme risk.

It is not a great answer though, Zendesk.  Sincerely the 2FA implementation is flawed.  2FA in a business context is meant to be implemented as a scheme that permits administrators to make the use of this mandatory.  

The current implementation does leave Zendesk open to potential legal action I would believe should Personally Identifying (PI) or sensitive data be stolen via a breach.

This would be straight-forward to remediate by implementing the common design that permits admin to enforce 2FA.

Why will Zendesk not consider and take action on this yourselves?  

It would be a relatively simple change to lock down the user screens to no longer permit the 30 day 'trust'.

Please note that as a very small company we do not have intention or capability to implement SSO.  However we do have copies of PI and possibly sensitive information within our tickets and we do take information security seriously and would like to see Zendesk make an uplift here to properly secure your 2FA design - for everyone.

I'd like to see Zendesk take the lead here.

Regards,
Troy

Published 16 Dec 2022 · Troy Johnston · 0 followers · 3 votes · 0 comments


Troy Johnston added a comment,

Comment: Extending Zendesk

Hello.  As 2FA Session management has not been securely implemented (to mandate users must use 2FA with every login event) I would like to establish an automation to achieve:

At 7pm each night - destroy all active sessions.

Can you please provide guidance to this.
- I have established a webhook that calls the Sessions API and is authenticated via token.
- How to build the automation that is preferably time dependent.  I imagine the logic will need to be something like:  Loop through all open sessions - destroy each active session.

I am not a developer, and at this time I can't see how to achieve this in automation.  Please do provide some detailed guidance - especially given the 2FA implementation is not secure.

Thanks,

Published 13 Dec 2022 · Troy Johnston · 0 followers · 0 votes · 0 comments


Troy Johnston added a comment,

Comment: Global security and user access

Hi Christine, Zendesk,

This is a significant security flaw in Zendesk implementation of 2FA.  2FA ought to be bundled with ability for administrator to mandate use of 2FA with every login event.  Leaving this up to the user breaks our security rules (and we are just a tiny company).

This leaves us exposed to hacking.

What we don't understand is the Sessions can clearly be set to expire.... and yet this does not sign out the user?  Or properly kill the session.  The implementation is flawed, unfortunately.

Will Zendesk take this seriously and implement an Admin enforcement?  This should never be a user decision.

Published 12 Dec 2022 · Troy Johnston · 0 followers · 5 votes · 0 comments


Troy Johnston added a comment,

Comment: Setting up Agent Workspace

Why then am I being informed my migration/upgrade will be automatically processed in early August?!  I understood this was not required.  As per Nikki above - we use email only - and I can only see a negative impact to our team by this change.   (Why are messages now located with the latest at the bottom?!) - There must be a configuration available for us to flip this as this will have a huge impact on us.
Please help.

Published 14 Jul 2022 · Troy Johnston · 0 followers · 1 vote · 0 comments


Troy Johnston added a comment,

Comment: Views, ticket status, and ticket fields

Agree with all

Christopher Reichle has honestly excellent points and well summarised the larger picture of feature request management practice and process by design.  

@... please don't take his comments personally.  I found his submission to be respectful, thoughtful, transparent, trusting and honest from his perspective.

I do agree the evidence on this request and a range of others demonstrate that the ZD process of gathering customer feedback and decision making on features to enter the approved backlog to warrant improvement.

I do hope ZD will incorporate change in this area.... be agile, be daring and be communicative to your customer's requests.

Published 29 May 2022 · Troy Johnston · 0 followers · 3 votes · 0 comments