Introducing Two-Factor Authentication (2FA)

Here is a small, handy addition that adds an extra level of security to your account.

Two-factor authentication is a widely used mechanism for making sure that your account is reachable only by you, and Uptime Robot now supports it.

The feature can be found in the My Settings > Two-Factor Authentication (2FA) menu, and you can activate it with your favorite authenticator app, such as Google Authenticator or Authy.

Once activated, the login pages will ask for the authentication code (in addition to the password), which can only be generated with your authenticator app. We are also working on adding this feature to various other actions besides login.

We hope it makes for a better experience :).

39 replies on “Introducing Two-Factor Authentication (2FA)”

This is very good news, but for our enterprise use we would prefer being able to associate multiple U2F security keys, as many systems like Google currently allow.

Also: what about backup mechanisms (SMS, static “backup codes”, etc.)? Is the only backup/safeguard option to save a copy of the initial secret key and use it to configure a new TOTP device?

Thanks!

Hi Peter,

thank you for your feedback, we will reconsider it. For now, unfortunately, there are no other backup options.

Great move, adding 2FA. But the recovery question with fixed questions isn’t. I should be able to come up with the question myself.

Happy to see 2FA being rolled out! There is one small issue, you don't currently provide the key with the barcode. This is needed for two reasons, a) if you are setting up 2FA from your mobile phone, it isn't possible to scan the barcode. And b) people need to be able to save the key in order to restore their token in the event that they lose/replace/wipe their mobile device.

Thank you for adding support for the best form of 2FA out there (Google Authenticator).

I’ve been through the nightmare of having lost my 2FA device before and know how painful it is with all of the challenges involved with resetting a 2FA link, so I always immediately back up my secret random string (that’s part of every 2FA setup). I’m sure many others aren’t as diligent when setting it up and will eventually lose their 2FA device. Your way of setting up a secret security question+answer is an excellent solution to the lost 2FA device problem. Kudos to UptimeRobot’s development team.

UptimeRobot is an awesome product all around. Thanks for everything. You guys rock!

That’s awesome, thanks!

Would be nice to see WebAuthn as well – tapping a security key is a lot faster than having to type out codes. Having multiple second factors would also let us avoid having to create fallback security questions.

Thank you for your feedback, Alex! We appreciate it and will reconsider it in the future 🙂

While 2FA is great in this case – it would be great if you allowed SAML login access to the platform as well. That would be a great additional layer of identity security in terms of accessing Uptime Robot in an enterprise environment.

Wait. You replaced the password with the token? You took away a factor. It’s one factor authentication.

Also, no option to use a text code to add to an Authenticator app? QR code only?

Who implemented this? You’ve made your system massively more unsecure.
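Two comments above ask for the setup key as text alongside the QR code. As an added illustration (not Uptime Robot's code and not part of the original comments), this Python sketch shows that a TOTP setup QR code only encodes an `otpauth://` URI carrying a base32 secret, so the same secret can be displayed for manual entry or backup. The account and issuer names are made up, and the common RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits) are assumed.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from urllib.parse import quote, urlencode


def new_secret(num_bytes: int = 20) -> str:
    """Random shared secret, base32-encoded so it can be shown and typed as text."""
    return base64.b32encode(secrets.token_bytes(num_bytes)).decode("ascii")


def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """The URI a setup QR code encodes; the secret is a plain query parameter."""
    label = quote(f"{issuer}:{account}")
    query = urlencode({"secret": secret_b32, "issuer": issuer})
    return f"otpauth://totp/{label}?{query}"


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for a given time: HMAC-SHA1 over the step counter, truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side to absorb clock drift."""
    candidates = [totp(secret_b32, unix_time + i * step, step)
                  for i in range(-window, window + 1)]
    return any([hmac.compare_digest(c.encode(), code.encode()) for c in candidates])
```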

Hi Martin,

thank you for reaching out to us, there are more changes planned at the moment, we will reconsider the 2FA in the future too, so stay tuned! 🙂

Hey,
It would be nice to actually have multiple users that can log in to the company platform.

Nice feature nevertheless

Hi there,

thank you for your feedback! This feature is already planned and will be added soon 🙂

Hi John,

in that case, I am sure you will be able to solve it with our customer support!

Hi Jonathan, thank you for your feedback, we will reconsider it, there are more changes planned at the moment.

Hi Uptime Robot Team,

First off, you are doing an amazing job and I love the product!! Also, thank you for making it possible to use an app instead of SMS, I much prefer this method.

I want to bring awareness to FreeOTP as another alternative to Google Authenticator and Authy. It is often left out of 2FA software discussions, yet it is a free and open source option that is just as powerful as its competitors.

https://freeotp.github.io/

All the best,
Jason
Absorbing Chaos LLC

I understand that this service might not be high risk, but this implementation of 2FA is bad. It is stupid to not only allow anyone who can answer the security question to remove 2FA, but to require users to set one as well, effectively undermining the 2FA entirely. Furthermore, the security questions encourage users to use potentially public or inconsistent/unstable information as their “secondary password”. Generate random recovery codes instead like any decent 2FA implementation.

Furthermore, you ask the user which question they selected when they activated 2FA. So if the users do as they are encouraged to and answer truthfully, they still either have to write down the security question (???) or brute force their way in if they lose their 2FA key.
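The random recovery codes suggested in the comment above could look like the following Python sketch. It is an added example, not Uptime Robot's implementation and not part of the original comment; the code format, the in-memory account record and the lockout threshold are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # 31 symbols, no 0/O/1/I/L lookalikes
MAX_FAILURES = 5  # assumed lockout threshold for wrong recovery attempts


def _digest(code: str) -> str:
    """Hash a code after normalising the case and separators a user may type."""
    cleaned = code.replace("-", "").replace(" ", "").upper()
    return hashlib.sha256(cleaned.encode()).hexdigest()


def issue_codes(count: int = 10, length: int = 16):
    """Return (codes shown to the user once, account record holding only hashes).

    16 random symbols carry about 79 bits, unlike an answer to a fixed question.
    """
    raw = ["".join(secrets.choice(ALPHABET) for _ in range(length)) for _ in range(count)]
    shown = ["-".join(c[i:i + 4] for i in range(0, length, 4)) for c in raw]
    record = {"hashes": {_digest(c) for c in raw}, "failures": 0}
    return shown, record


def redeem(record: dict, submitted: str) -> bool:
    """Accept each code once; count failures and lock recovery after MAX_FAILURES."""
    if record["failures"] >= MAX_FAILURES:
        return False
    candidate = _digest(submitted)
    match = next((h for h in record["hashes"] if hmac.compare_digest(h, candidate)), None)
    if match is None:
        record["failures"] += 1
        return False
    record["hashes"].remove(match)  # single use: a replayed code no longer matches
    record["failures"] = 0
    return True
```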

Hi Niklas,

thank you for your feedback, we will reconsider it, there are more changes planned now 🙂

Are there any plans for SSO through Azure AD? 2FA is awesome, but it would be even better if we could integrate sign in rules through Azure AD. Most applications now are allowing SSO for one screen login to all enterprise applications.

Hi Stephen, this is not planned yet, but thank you for the idea! We will reconsider it.
