Mattermost-server: Support Google Auth as 2FA on Team Edition

Created on 10 Aug 2017 · 2Comments · Source: mattermost/mattermost-server

Summary

2FA is basic security

Steps to reproduce

2FA is just missing from the account settings

Expected behavior

Google auth second factor enabled in accounts settings

Observed behavior (that appears unintentional)

Google auth second factor not available to users.

Source

cybershambles

👍2

Most helpful comment

Hey, @lindy65.

I agree with @cybershambles here. In today's world there are more breaches than ever. A large number of small groups without the money to spend on an enterprise-grade chat solution rely on Mattermost as a primary meeting place for their communities. To this end, it is _not cool_ denying people a basic step they could potentially take to keep their accounts secure.

With WebAuthn rapidly gaining steam, it's easier than ever to implement 2-factor authentication into an application. Why must Mattermost keep such an essential security feature from users who don't pay? It's so important now that GitHub now allows organisations to force their users to enable 2-factor authentication.

sbrl on 30 Jun 2019

👍4

All 2 comments

Hello @cybershambles,

Thank you for your feedback. Per product documentation, Mattermost is intended to serve as "modern communication behind your firewall" and deployment instructions include using a VPN with MFA.

MFA without a VPN client is available in Enterprise Edition. If you'd like to request a trial licence for your corporation, you can do so here: https://about.mattermost.com/trial/