Egregious Missing Feature Request: Multi-factor Authentication (MFA)

It is 2018, why don't you support MFA?

68 replies
  • I second that opinion!

    Reply Like 1
  • Hi Navy Blue Sander !

    Are you referring to MFA in order to link your bank accounts? That should be in place depending on the bank. Or are you referring to MFA for the mobile app? Right now, there isn't an option to set a passcode, but it's in the works! :)

    Reply Like
    • Faness at YNAB was referring to your app. 

      When we're sharing our bank login information with you (and any 3rd parties of yours, like Finicity and MX), it would go a long way to know that you guys are following best practices when it comes to authentication.  I work in information security and like everyone should be, I am very cautious about sharing important financial login information with anyone.

      At a minimum, even if you don't have MFA for your customers, I hope YNAB staff require 2FA/MFA for all administrative duties.  I'd hate for one of your folks to get phished, resulting in our money flying away. 💸

      Reply Like 3
    • Navy Blue Sander I can confirm that MFA is required for YNAB administrative accounts - those funds are staying put if we have anything to do with it. :)

      As for the app, we're working on the passcode feature to up security. I want to assure you that MX and Finicity aren't able to make changes to your actual bank accounts. Even if someone were to access your YNAB account, they'd know your account balances (as portrayed in YNAB), but account numbers and other sensitive information aren't accessible through our Direct Import partners. The only way this information could be seen is if a user chooses to write it into the notes section, which we strongly advise against.

      Here are some highlights from our security policy:

      - All connections are encrypted and data is encrypted at rest.
      - We underwent a security audit and a database audit from one of the top consulting firms. This is done on an annual basis.
      - Our password policy does not allow the top 1,000 passwords. By not allowing common passwords, we prevent customers from putting themselves at risk.
      - To that end, we don't store passwords. We do mathematical stuff to customer passwords so if the passwords do ever fall into the wrong hands, they still aren't decipherable.
      - We're built on the same infrastructure as the CIA's internal cloud service.

      We know more security is never a bad thing and the passcode feature is meant for just that! I'll let our development team know you're eagerly awaiting its implementation. :)

      Reply Like 2
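The two policy items in the post above (rejecting the most common passwords, and keeping only a derived value so the password itself is never stored) can be shown concretely. This is an added example, not YNAB's code: the deny-list is a constructed stand-in for a real top-1,000 list, and the scrypt parameters and function names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a "top 1,000 passwords" deny-list (a real deployment loads the full list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1", "iloveyou"}

# Assumed scrypt parameters: 2^14 iterations, r=8, p=1 needs roughly 16 MiB per hash.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES = 16
KEY_BYTES = 32


def is_acceptable_password(password: str, min_length: int = 12) -> bool:
    """Reject passwords on the deny-list (case-insensitively) or shorter than min_length."""
    if len(password) < min_length:
        return False
    return password.lower() not in COMMON_PASSWORDS


def hash_password(password: str) -> str:
    """Derive a salted scrypt value; only this record is stored, never the password itself.

    The record is self-describing so the parameters can be raised later without
    breaking old entries: scrypt$N$r$p$salt_hex$key_hex
    """
    salt = os.urandom(SALT_BYTES)
    key = hashlib.scrypt(
        password.encode("utf-8"), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_BYTES
    )
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the stored salt/parameters and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False  # unknown or malformed record: never accept
    _, n, r, p, salt_hex, key_hex = parts
    expected = bytes.fromhex(key_hex)
    key = hashlib.scrypt(
        password.encode("utf-8"),
        salt=bytes.fromhex(salt_hex),
        n=int(n), r=int(r), p=int(p),
        dklen=len(expected),
    )
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    for candidate in ("password", "Letmein", "correct horse battery staple"):
        print(candidate, "accepted" if is_acceptable_password(candidate) else "rejected")
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
```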
  • *cough* yubikey support *cough*

    Reply Like 6
  • Yes, a "passcode" would be a step in the right direction.  But without any details, the word "passcode" is just that, not a real MFA solution. 

    The response about a passcode "it's in the works!" was posted 5 months ago.  In the modern age of CI/CD, the fact that you haven't produced an initial passcode solution is concerning.  As in very concerning.

    I would like to also encourage you to research providing support for a Yubi Key solution.  As a side note, Google now requires all of their employees to use a MFA key solution, very similar to Yubi Key.  And your developers can find all that they need to know here:

    https://developers.yubico.com/

    Additional features around important security practices should really be at the top of your development list.

    Thanks for your consideration.

    Reply Like 2
    • Hi Magenta Mermaid !

      Thank you for posting that information! Would you mind submitting it via Feature Request? That form goes directly to our development team for future consideration. :)

      Reply Like
  • This response shows a ridiculous lack of concern for customer's welfare.  When the inevitable hack comes and everyone's personal financial information is released, then it will all of the sudden become important.  Meanwhile, no new meaningful features in years.  Where are our annual fees going?

    Reply Like 1
    • Hi Tomato Camera !

      One of the reasons we use a third-party direct import partner, is to add an extra layer of security. Your financial information (account numbers, routing numbers, etc.), is not stored in the app. Even if our systems were to be hacked, though we take a number of precautions to prevent that, that personal information would not be available. 

      However, a passcode option for the mobile app is still in our plans for the future! :)

      Reply Like 2
    • Faness How does the manner in which YNAB internally connects with bank accounts relate in any way to the concerns raised here?  How can you seriously say, after all this, that "Personal information would not be available"?  And to suggest that a passcode somehow addresses the concerns raised by so many here shows a complete lack of understanding of the security issues being raised.  I am beginning to lose any hope that YNAB takes security seriously.

      Reply Like 2
  • Thank you. Since Jesse and your developers and support people say they use YNAB and they seem to be very intelligent people, using YNAB is low risk if you follow all their instructions and don't put your actual account numbers or bank particulars anywhere in your budget(s).

    Reply Like 2
  • Still amazingly tone-deaf.  I am not talking about importing data or my bank account numbers.

    The budget data itself is incredibly sensitive personal data, including all transactions that have been imported for every credit card purchase and bank transaction.  This is protected *only* by a simple password.  This is NOT SAFE. 

    As the OP suggested, this is completely unacceptable and irresponsible in today's day and age.   Every other financial site has MFA through either a phone text verification code, google authentication, or something similar.

    YNAB used to be a desktop app.   YNAB forced our data into the cloud so they could collect a monthly subscription fee, then completely failed to protect our data in the cloud.  

    As you can see, they still don't even acknowledge that there is a problem.

    Reply Like 3
      • Herman
      • herman
      • 8 mths ago

      Tomato Camera  Excluding account number, user id, password, help me understand what transaction/budget data could possibly be used for?  I don't see the risk and would like to be educated. 

      Reply Like
      • a_different_joel
      • Helping people stay on YNAB4
      • A_different_joel
      • 8 mths ago

      Herman There's probably GPS information.  If you have a need for someone specific to not know where you live, and they were able to gain access to your budget, they could know where you've been or where you frequently purchase items and potentially show up there un-wanted.

      If you have personal information about medications, doctors, insurance etc in the memos or notes, this could also be taken advantage of. 

      Sure... suggesting everyone who uses the app to 'don't put sensitive info in your budget' just doesn't seem like a great way to go.

      (I am not a nYNAB user for other reasons, I would still use it without 2FA)

      Reply Like
      • Herman
      • herman
      • 8 mths ago

      a_different_joel That seems like a stretch to me but ok. I don't care about 2FA but I'll give it a 'slightly' elevated risk level based on that.

      Reply Like
      • a_different_joel
      • Helping people stay on YNAB4
      • A_different_joel
      • 8 mths ago

      Herman Same here.  Definitely a stretch.  I think they should do it just for the optics.  A “financial” (...budget) app without 2FA just appears lacking...  a missing checkbox on a feature list is all.

      Reply Like
      • Herman
      • herman
      • 8 mths ago

      a_different_joel You may have hit on one of the reasons I'm indifferent,  I don't really consider a  budget app a financial app.  I agree with you on the optics.  I suppose all my ynab 4 data sitting on dropbox was a risk too.

      Reply Like 1
      • Brad Hull
      • Since YNAB Pro
      • sinceYNABPRO
      • 8 mths ago

      Herman 

      For sure, YNAB4 is a lot more vulnerable to hacking than the web YNAB version.

      Reply Like
      • Beige Door
      • Beige_Door.3
      • 4 mths ago

      Herman any information that a hacker gains about you can be used to impersonate you and create risk. Having detailed records of your spending habits and where you spend your money is a huge security risk. You can review a FINRA blurb about the risk here:

      http://www.finra.org/investors/alerts/know-you-share-be-mindful-data-aggregation-risks

      MFA should be a requirement. I know many people that refuse to use YNAB specifically because of the lack of MFA; Myself included.

      Reply Like 2
    • Beige Door ^^^THIS. THIS. THIS.  Would "upvote" if we were on Reddit. 

      Reply Like 1
  • Herman  Imported transaction data contains lots of neat things like: where your kids go to school, where they go to daycare and camp, what kind of car you drive, the names of the doctors and hospitals you visit, who your insurance company is, names of the financial institutions that you have accounts with, where you were every day for the last few years, where you like to shop and eat (and when), how much you paid in taxes, how much money you make each month, all of your favorite charities, who your mortgage provider is and what your payment is, where and when you like to take vacations, to name just a few.

    If you think there's no risk, would you  consider scanning in all of your financial statements for the last 3 years, and post them here (after scratching out your account number)?  Probably not a good idea.

    Reply Like 1
      • Herman
      • herman
      • 8 mths ago

      Tomato Camera although not all that information is there, I'll assume it is and still ask, what is someone going to do with that?  

      Reply Like
    • Herman  First, which of the things that I mentioned would not be contained in someone’s imported transaction data, if they used a credit or debit card to pay for it?   

      Reply Like
      • Herman
      • herman
      • 8 mths ago

      Tomato Camera  How much you pay in taxes is not reflected anywhere but as I said I'll assume it is all there, what is someone going to do with it?

      Reply Like
    • Herman  Wrong.  I, like many, budget for taxes.  There is no need for assumptions.  Any other items in my list incorrect?  

      Reply Like
      • jenmas
      • jenmas
      • 8 mths ago

      Tomato Camera Whoa.  Herman is genuinely asking you a question on how Personally Identifiable Information can be used in a negative way. Many people don't understand the full risks that PII can pose and are under the impression that as long as SSN and account numbers are protected, so are they. Maybe cut the guy a break?

      Reply Like
      • Herman
      • herman
      • 8 mths ago

      Tomato Camera  If you can't or don't want to answer my question just say so

      Reply Like
      • Herman
      • herman
      • 8 mths ago

      Tomato Camera  Not to mention budgeting for taxes is not the same as importing tax data from your financial accounts, unless of course you don't have taxes withheld from your pay.  But I digress.  I will stipulate that all that data you listed is available in "your" budget.    Please answer my question or end this discussion.

      Reply Like
    • jenmas It seems that Herman is being disingenuous with his question, given the original tone and continued dismissal of the underlying assumptions.

      Nonetheless, one simple answer is identity theft.  Of course, there are also the infinite other possibilities in the criminal mind, that I won't presume to understand.  Herman seems very capable of googling terms like PII, cybersecurity, and other terms mentioned here to get answers he would trust more than mine.

      Reply Like 1
      • Herman
      • herman
      • 8 mths ago

      Tomato Camera actually my question was genuine and you chose to instead tell me what data was in the records.  Identity theft is certainly the logical assumption but I see very little risk of this data being used for identity theft.  I would love some specific examples of how.  I could see some social engineering use, possibly to help guess the answers to security questions, but I thought maybe someone so adamant would have more specific ideas.  I did not dismiss the underlying assumptions, I indicated that not ALL that information is there in my opinion.  My "attitude" changed the minute you decided to aggressively challenge me without answering what should be a pretty straightforward question for someone so adamant that YNAB's security policy shows a complete lack of concern for customers' welfare.

      Reply Like
  • Ahhh, it was exactly as I expected: a disingenuous question from a well-informed person that already knew the answer and had a solidly formed opinion.  This was very clear from the tone of your original question, as you were not really asking "to be educated".   All of the information I mentioned has a very good possibility of being in many people's accounts, and I didn't even scratch the surface, as you are well aware.

    Herman If you remain so confident in the lack of risk, why haven't you scanned in your bank/credit card statements from the last three years and posted them here (scratching out the account numbers, names and addresses).  Or simply export your budget and all transactions from YNAB to excel and post here.  What could anyone possibly do with it?

    I suspect that you are well aware of the risks, and won't post your data, but are choosing to play down the risks in defense of YNAB. 

    It is a shame that YNAB also plays down the risks.   If MFA isn't important, then their internal security protocols are not important.   It's the same attitude that so many companies have until there is a hack or data theft and everyone's very personal data is released.  Then all of the sudden we will hear things like "We take security very seriously at YNAB and will take all appropriate steps to ensure that this does not happen again".  Responsible companies do the right thing before it happens.

    Reply Like 2
      • Herman
      • herman
      • 8 mths ago

      Tomato Camera  Again, I have thoughts which I shared but was hoping for more concrete examples as I am admittedly not that well informed.  I've tried to consider ways this data could be used and came up with a few low-risk options (IMHO) and I wrongly assumed that those putting this out there as a massive security failure on YNAB's part would have more ideas.

      Honestly I don't understand your insistence that I scan data to "prove" my lack of concern for the risk from not having MFA. I'd much rather you explain to me what I'm missing in the risk department and then I can join the call for YNAB to improve their security.    I suspect maybe you aren't that well educated on the topic and that is why you refuse to have a discussion about the real risks and continue to fall back on attacking me.

      Reply Like
    • Tomato Camera  "It is a shame that YNAB also plays down the risks.   If MFA isn't important, then their internal security protocols are not important.   It's the same attitude that so many companies have until there is a hack or data theft and everyone's very personal data is released.  Then all of the sudden we will hear things like "We take security very seriously at YNAB and will take all appropriate steps to ensure that this does not happen again".  Responsible companies do the right thing before it happens." Well said.  

      Faness While we appreciate the step in the right direction with the app passcode, it is 1). Overdue 2). Not enough. As a YNAB customer, the security of our data should be at the top of the list. Speaking for myself YNAB is a very excellent product for doing what it intended to do. However, several folks in this thread have responded in favor of improved security. Would you please take this observation to the developers, and even Jesse, to get more weight behind it. 

      Herman I hope you come to understand the importance of MFA at some point if you have not already Google'd it.  This thread was more for security enthusiasts to voice their concern about a missing essential security feature and less about explaining its relevance. You should definitely keep researching MFA and information security, however, the YNAB forum probably is not the best place for that.

      @ Everyone At this point, I am going to unfollow this thread, have some scotch, submit MFA support via Feature Request and hope YNAB does right by us before a competent competitor shows its head with better security posturing. 

      Reply Like 1
      • Herman
      • herman
      • 8 mths ago

      Ivory Motherboard (b85dd6bb939c) another person that won't explain why it is so important in the context of the data that YNAB contains.  Thanks, Google is no help there.

      Reply Like
  • I also agree that the information in YNAB is confidential, above and beyond the banking integration credentials.

    Optional MFA would be one great way to alleviate a lot of concerns.

    First big reason: identity fraud

    • When I phone my bank's customer support, they verify my identity with a set of questions. The answers to some of the questions can be guessed from the data in my YNAB. For example, the bank asks "name two account types that you have with us", and your YNAB accounts may be named after their bank account products.
    • If you are the victim of identity fraud, your YNAB budget may reveal the existence of investments that the fraudster may not have been aware of before. Now those can become targets of fraudulent withdrawal transactions made in your name.

    Second big reason: privacy

    • Most of your coworkers and bosses are pro-choice, but you donate to a pro-life charity. Or the other way around.
    • You're a paid subscriber of the "Seattle Antifa" or "Proud Boys Texas" or "The Swinging Life" or "Traditionalist Marriage" podcasts.
    • Consultations at urology clinics. Fertility treatments. Porn. Other transactions that may be embarrassing  if they leaked out.

    Third big reason: peace of mind

    • Since YNAB's data lives in the general vicinity of your finances, there's always going to be some concern. Without MFA, you have to think really hard whether there's something you overlooked that a criminal could misuse, and you'll always worry that you overlooked something, since you're not a security professional.
    • I'd rather have MFA and realise I don't need it, than not have it and realise too late I needed it.

    Herman , does this answer your question?

    Reply Like 2
      • Herman
      • herman
      • 8 mths ago

      Pieter Nagel yes, thank you,  those are good points.

      Reply Like
  • I can't second this strong enough! To everybody who has posted here: please send your 2FA/MFA requests to the proper ynab channel. This needs to happen asap. https://docs.google.com/forms/d/e/1FAIpQLSfNVCZCXFaokj9PjsnKXDau5-F2-cu-rdK9AgrBkdAa_xgjww/viewform

    Reply Like 1
  • shukhov I am afraid that it is hopeless.  Done that before.  When YNAB's best response in this thread brags that "Our password policy does not allow the top 1,000 passwords." is a serious modern security policy and an app passcode is a solution, it's clear that they don't appreciate the scope of the problem.  I've been requesting this feature since they forced us into the cloud (and started charging recurring fees).  They just don't get it.  It's a decent product, and I've given them all the leeway I can, but sad that they just want to collect the fees without investing in the product.  Will cancel and start fresh in 2019 with something else.

    Reply Like 2
  • Hey everyone!

    I wanted to leave a quick link to our What’s Up Next page. If you take a look, you'll see that passcode authentication is now on the roster and coming soon! :)

    Reply Like
      • ebeth81
      • ebeth81
      • 5 mths ago

      Faness It does not appear that this is MFA, which is what the original poster was asking about.  If it is MFA then possibly the What's Up Next page should receive an update to the description.

      Reply Like
    • Hi ebeth81 !

      It is not. It's passcode authentication, which will allow requiring pin entry before accessing the account. It's an added step of security that I thought users in this thread would like to know about. :)

      Reply Like
    • I am stunned that, after reading all of the details above, that YNAB would be proud to announce this Passcode nothingburger of a solution.  It ranks just higher than their proud announcement above that their security policy will not allow us to use "password" (one of the top 1,000 passwords) as a password.  Woohoo. Move on.  YNAB is clearly not concerned with security.

      Reply Like
    • Faness 

      I've got to admit, when I read this post I laughed so loudly that my dog, in the basement, woke up. 

      Users: Loads of reasons why a passcode is completely insufficient and doesn't alleviate our concerns about YNAB's lackluster security offerings. 

      YNAB: Hey look! A passcode! A passcode! We've got a passcode! We have security so there cannot be any more security! 😂

      Reply Like
    • Tomato Camera Chin up, the good news is that if you use pass1234word$, you can use it because it probably is number 1006 on the list. 😉</sarcasm>

      Reply Like
  • If "passcode authentication" means that our YNAB accounts will now have both a PIN and a password, I have to give it a vehement thumbs down.

    For security-savvy users, there is no benefit to requiring a 5 digit PIN alongside your password that you don't get by just making your password a few characters longer. And security-savvy users tend to use better passwords anyway, since they tend to be more likely to have the infrastructure in place to manage their passwords better.

    For security naive users, adding a PIN is just a BDSM way to force them to use stronger passwords. But since these users tend to struggle with passwords more anyway, they'll just end up using 12345 as PIN, and the whole exercise is now of dubious value but definite annoyance.

    Reply Like 3
    • Pieter Nagel I freely admit I am assuming here, but I don't think they mean you will have a password and a code to log in; rather, when you log in to the mobile app you can lock it with a PIN code so you can secure your account without re-entering your password, which is of limited use and has nothing to do with the requested multi-factor authentication, but I can see how the two could be confused by YNAB's support staff.


      That said, there is something to the idea that MFA might be overkill for YNAB because unless you put sensitive info in notes it's pretty mundane stuff; if you really care how much I spent on groceries enough to hack my 20-character randomly generated password then by all means I'll just tell you. Does that mean YNAB should ignore supporting it? No, but it will be a lower priority because YNAB isn't trying to secure state secrets or anything of serious value.   And to say that it is an egregious missing feature IMHO is just clickbait, and yes, I fell for it.

      Reply Like
    • Coral Battery 

      See my comment above as to why financial data in YNAB can be more sensitive than one would think.

      In a world where MasterCard, VISA, Paypal and Stripe are increasingly forcing companies to stop doing business with people whose politics they don't like, these concerns are just more urgent.

      As to protecting YNAB mobile with a pin, that's what the screen lock is for. I don't see any value. I hope the feature will be optional.

      Reply Like 1
    • Pieter Nagel if someone can call your bank and access your money simply by knowing what type of accounts then your issue should be with your bank not ynab.

      And as far as embarrassing transactions you choose what you name your payees if you're that concerned.

      Reply Like
      • Brad Hull
      • Since YNAB Pro
      • sinceYNABPRO
      • 5 mths ago

      Coral Battery

      Well said. YNAB in its existing design cannot create any transaction in any financial institution. YNAB has instructed users to NOT include any reference to the bank name, route numbers or account numbers any place in any of your budgets.

      Reply Like
    • The concern is not that the information inside a YNAB budget will give hackers direct access to make financial transactions.

      The information in a YNAB budget can often contribute part of the information needed for identity theft, which when combined with information gleaned from elsewhere can indirectly lead to unauthorised transactions.


      For example, no one can impersonate me in a phone call to my bank just by knowing what type of accounts I have. But if in addition they also know a previous address or two, my current and previous employer, which trusts (if any) I have registered, and which properties I own, then they have a good shot at passing the random question security check.

      Further, I am not concerned that anyone will specifically target me personally and spend time to hack just my YNAB account. That's not how online fraud happens in most cases.

      Instead, if YNAB gets breached, then every YNAB user's password will effectively get posted on the black market. An enterprising hacker will realise they can use that to trawl the YNAB API, yielding a nice huge dataset they can again sell on the black market for money or fame. Another hacker will realise they can correlate that with other information on the black market, and then find a few hundred people for whom they now have sufficient information to attempt identity theft.

      With MFA done right, that breach is now mitigated because they will need to steal my cellphone too before they can get at my data.

      Reply Like 2
    • Brad Hull .  As you say "YNAB has instructed users to NOT include any reference to the bank name, route numbers or account numbers any place  in any of your budgets." ... Agreed - they could not make a clearer statement or admission that we should have ZERO expectation that any information in YNAB is secured. 

      Reply Like
    • Pieter Nagel as you pointed out quite correctly, the chances of your account being targeted are not likely. If there is a breach in YNAB it won't come at the individual user level; it will be a mass breach, either of YNAB's staff administrative access or directly into their database, at which point it wouldn't even matter if you personally have MFA enabled, because at that level they will have every user's data regardless of your individual account settings. So your best defense is awareness of what you put in YNAB and not putting anything too sensitive like your SSN.

      That said, if you really want to push YNAB to secure their system they need well-done client-side data encryption that they don't have any way to decrypt, but IMO that's overkill for the data YNAB has on MOST users, though I concede that some users may put in super private info, but that's not YNAB's phone so it's really not their job to take the extraordinary efforts to secure that kind of data.

      Sounds like your bank might be your real security issue if their security questions can be answered that easily.  You should really talk to them about their security procedures and see what you can do on their end; maybe try to get them to invent a security question you the user can choose and set a secure passphrase for your answer to that.

      And most importantly, set up account activity alerts, and if anything fraudulent does occur report it to your bank immediately.

      Reply Like
  • Faness by "passcode authentication" does YNAB mean a passcode for the phone app or the web app?

    Reply Like
      • Herman
      • herman
      • 5 mths ago

      GlossyGot The link she shared indicates it is for the mobile app.

      Reply Like 1
  • I have used YNAB for a couple of years now but just became aware of the increasing threats to our online presence.  I have purchased Yubikeys for both my wife and me to protect our most sensitive data.  I would really like it if YNAB can support 2FA (Yubikey support would be preferred) really soon.  At this time, I am re-evaluating all of my software choices based upon their security and YNAB is currently lacking.  I appreciate it on so many other levels, but this can't be ignored in today's environment.

    Reply Like
    • Steel Blue Mill Yubikeys are very nice, but not even either of my banks supports them; they just text me a code if I log in from a new device. And they have much more of a reason to support MFA than YNAB, which as I mentioned would be as pointless as using a bank vault to store your pocket change, way overkill for what risk is posed.

      Reply Like
  • Hi! Just curious what the ETA is for the MFA rollout?

    Thanks!

    Reply Like
    • Hi Ryan H !

      MFA as mentioned in this thread hasn't been confirmed yet. We don't currently have a release date set for the passcode feature on mobile, but it's in the works! :)

      Reply Like
      • Ben Khaki Storm
      • YNAB book topics online: https://support.youneedabudget.com/r/q5w48j
      • Khaki_Storm.1
      • 4 mths ago

      Faness what do you think of my idea to have the community submit features in a uniform manner and then everyone who thinks it's important turns in the request (copy and paste like)? I think that'd help support prioritize. Post is here https://support.youneedabudget.com/t/q5wa5s

      Reply Like
    • Ben K. It's a great idea!! It was the premise behind our Feature Request form. Your idea offers a few tweaked options on the form entry, but overall it's great!!

      Reply Like
    • DnA
    • IT manager, husband, father, YNAB podcast listener
    • Navy_Blue_Cup.2
    • 4 mths ago

    I just finished reading through this thread, and wow - there's a lot of passion around the desire to have MFA :-)  I'm an IT professional, and I've watched in amazement at the number of data breaches that have occurred over the last few years.  Hackers have demonstrated one thing very clearly: if they want to execute a data breach, they can, and they will. Successfully.  The probability that it's just a matter of time before a data breach occurs is why there are many on this thread who are frustrated with the perceived apathy on YNAB's part.  The emphasis on perceived is because we don't really know what goes on behind the scenes, right?

    That said, I have a few observations:

    1) From what I've read, implementing MFA from a development standpoint can be really expensive.  Like - REALLY expensive. Executing that would possibly result in a price increase.  I don't want that.

    2) As an interim step, YNAB could consider implementing Data Loss Prevention (DLP) protocols that would detect data that "looks" like sensitive info and prevent it from remaining in the notes field for each account.

    3) Several people on this thread feel that YNAB is expensive, and that's a valid opinion. However, in comparison to some competing products that I won't mention here, I think that dollar for dollar the value of YNAB is really good. That's a biased opinion, mind you. I'm a bit of a YNAB fanboy.

    4) I did a cursory review of a few other cloud-based budget solutions. Does it seem that they don't employ MFA either?

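An added example of what the notes-field DLP check suggested in point 2 above could look like; it is not YNAB's code and was not posted by DnA. It only catches data that carries structure (payment card numbers validated with the Luhn checksum, US ABA routing numbers validated with their checksum, SSN-shaped strings, and "password:"-style credentials); a bare bank account number has no checksum or fixed format, so a scanner like this cannot reliably catch it, which is the practical limit of the idea. All function names are hypothetical and the sample notes in the test are constructed.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    kind: str
    value: str
    start: int
    end: int


# Patterns for data with recognisable structure. Plain account numbers have none,
# so this scanner cannot reliably catch them (see the lead-in caveat).
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")   # 13-19 digits, spaces/dashes allowed
ROUTING_RE = re.compile(r"(?<!\d)\d{9}(?!\d)")                # US ABA routing number
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
CREDENTIAL_RE = re.compile(r"(?i)\b(password|passwd|pwd|pin)\b\s*[:=]\s*(\S+)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters ~90% of random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def aba_ok(digits: str) -> bool:
    """ABA routing checksum: 3*(d1+d4+d7) + 7*(d2+d5+d8) + (d3+d6+d9) == 0 (mod 10)."""
    d = [int(c) for c in digits]
    return (3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])) % 10 == 0


def scan_note(text: str) -> List[Finding]:
    """Return every sensitive-looking span in a note, ordered by position."""
    findings = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(Finding("card_number", m.group(), m.start(), m.end()))
    for m in ROUTING_RE.finditer(text):
        if aba_ok(m.group()):
            findings.append(Finding("routing_number", m.group(), m.start(), m.end()))
    for m in SSN_RE.finditer(text):
        findings.append(Finding("ssn", m.group(), m.start(), m.end()))
    for m in CREDENTIAL_RE.finditer(text):
        # Only the secret after the keyword is redacted, not the keyword itself.
        findings.append(Finding("credential", m.group(2), m.start(2), m.end(2)))
    return sorted(findings, key=lambda f: f.start)


def redact_note(text: str) -> str:
    """Replace each finding with a marker; work from the end so earlier offsets stay valid."""
    out = text
    for f in sorted(scan_note(text), key=lambda f: f.start, reverse=True):
        out = out[:f.start] + "[REDACTED " + f.kind + "]" + out[f.end:]
    return out


if __name__ == "__main__":
    # Constructed sample note (the numbers are test values, not real accounts).
    note = "routing 123456780, card 4111 1111 1111 1111, password: Hunter2!"
    for f in scan_note(note):
        print(f.kind, "at", f.start, "->", f.value)
    print(redact_note(note))
```

Running the scan on save (or as a periodic sweep over existing notes) and refusing or redacting the field is the "prevent it from remaining in the notes field" part; the checksums keep false positives down on dates, amounts and transaction IDs, but nothing here will recognise an arbitrary account number a user types in.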
    • DnA, the thing they need to realize is that MFA will not protect against most data breaches. It will stop someone from logging in if they know/figure out your password, but if they don't come in through the front door, so to speak, by logging in as you, then MFA won't help. That said, the data YNAB has, unless you've got some juicy notes in your account, is pretty mundane. It's not like they can spend your money if they get access to YNAB; even the MFA used by a lot of banks is the more basic SMS-based kind, which isn't the best option, so really no surprise YNAB doesn't prioritize this.

      • DnA (IT manager, husband, father, YNAB podcast listener), 4 mths ago:

      Coral Battery  Yeah, I don't think anyone on here thinks MFA will protect against a data breach. Having it in place will do exactly what you described: prevent a hacker from accessing your data because they don't have access to that layer of authentication.  

      No juicy notes for me, LOL :-)

    • DnA, have you read some of the comments on here? It's like some of these people think it's a magic can-never-get-hacked system. In reality it can be good for the limited purpose it's designed for, but seriously overkill for YNAB.

  • Too much heat and too little light. I think the discussion is going around in circles because we keep conflating separate issues:

    1. Is the data inside YNAB sensitive enough to warrant protection?
    2. Will MFA actually provide that extra protection or not?
    3. If so, is the added security sufficient enough to warrant YNAB spending resources to develop it?

    As far as I am concerned, number 1 is unequivocally true. Number 3 is up to Jesse and his company. But there is scope for reasonable people to disagree regarding point 2.

    Whether or not MFA adds security depends on how it is implemented. MFA is indeed, as others have pointed out, not a magic "make stuff secure" wand. Done wrong, it will not help. But done right, it can help greatly.

    For example, if YNAB budget data is actually encrypted at rest on YNAB's servers, and if MFA is implemented in such a way that the extra factors needed to log in also form part of the encryption key(s), then MFA will greatly increase security. Hackers could get into YNAB's servers, and still not read your data without having access to your cellphone or your yubikey as well. (It is simply not true, as some claim on this thread, that if hackers get into YNAB's servers, everything is lost).

    There is tremendous pressure on companies all over the world to implement encryption of their data at rest, driven by regulations like the EU's GDPR and the general trend of other countries enacting copycat regulations. The GDPR does not specifically say "thou shalt encrypt sensitive data at rest", but legal opinions tend to agree that encryption at rest is industry best practice, and if you don't do that, you'll have a hard time in court convincing the judge that you took "adequate measures" to protect sensitive personal information.

    The other way MFA can protect you is in situations like a public wifi hotspot. MFA (done right) will ring-fence the potential damage there, because whatever damage a hacker can do in that situation, at least they can not gain future access to your YNAB without also being in possession of your cellphone/yubikey (or whatever second factor(s) YNAB chooses to implement).

    • Pieter Nagel, the encryption method you suggest would be completely separate from and unrelated to MFA. How exactly are they supposed to use the constantly changing MFA code as the key? They could use a password-derived key for this, but that doesn't require or even use MFA, bringing us back to usefulness. If your feature request is encryption, then I can agree on the value of that. MFA, not so much; it would be a waste of development resources that brings limited value unless you worry about having your YNAB account specifically targeted, which is the only situation where MFA will help, and nobody has been able to provide any case for that being their concern.

      As I pointed out before, the most likely source of a breach isn't someone targeting your account directly, trying to log in as you; it would be a backend hack, which would bypass all authentication, including your precious MFA, and give access to all users' data. As you pointed out, encryption combats this, but it is not connected in any way to MFA. Even if it worked that way, can you seriously imagine a company saying we'll encrypt your data, but only if you turn on this unrelated MFA feature... The best argument in support of MFA for YNAB is to put the minds of users at ease, a placebo basically. My point has been and continues to be that the YNAB devs have better features to worry about implementing. For what it's worth, they don't even seem all that keen on working on those, so even if you disagree with me on this, I think we can agree this request is probably falling on deaf ears like every other feature request. The good news is this really isn't as "egregious" as some users think it is. Your best argument in support of this is the perceived value rather than any real technical benefit for the use of YNAB. MFA is great in the right situations; this just simply isn't it.

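An added example, not from the thread and not YNAB's design, to make the exchange between Pieter Nagel and Coral Battery concrete. Both are partly right: a time-based code (RFC 6238 TOTP) changes every 30 seconds, so it cannot be key material, but a hardware token's deterministic HMAC challenge-response can be mixed into the key derivation alongside the password (this is how KeePassXC uses a YubiKey's HMAC-SHA1 slot for its database key). The token is simulated in software here, the HMAC-based key wrap is a demo-only stand-in for AES-GCM or AES-KW, it uses only the standard library, and every name and the secrets in the test are hypothetical.

```python
import hashlib
import hmac
import os
import struct


# ---- Second-factor models (hypothetical; the token is simulated in software) ----

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over SHA-1. The value depends on the clock and changes every
    `step` seconds, so it cannot serve as key material."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def token_response(device_secret: bytes, challenge: bytes) -> bytes:
    """Deterministic HMAC challenge-response as a hardware token computes it.
    The device secret never leaves the token; only the response does."""
    return hmac.new(device_secret, challenge, hashlib.sha256).digest()


# ---- Key derivation: both factors feed the key-encryption key (KEK) ----

def derive_kek(password: str, salt: bytes, token_reply: bytes) -> bytes:
    pw_key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    # Bind the password-derived key to the token reply. A server dump yields salt,
    # challenge and the wrapped key, but never the token reply.
    return hmac.new(pw_key, b"demo-kek|" + token_reply, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def wrap_dek(kek: bytes, dek: bytes) -> dict:
    """Demo-only authenticated key wrap (HMAC keystream + HMAC tag).
    Real code should use AES-GCM or AES-KW from a vetted library."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(kek, nonce, len(dek))))
    tag = hmac.new(kek, b"wrap|" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unwrap_dek(kek: bytes, blob: dict) -> bytes:
    expected = hmac.new(kek, b"wrap|" + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password or second factor: cannot unwrap data key")
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(kek, blob["nonce"], len(blob["ct"]))))


# ---- Enrolment and unlock ----

def enroll(password: str, device_secret: bytes):
    """Return the record the server stores (no usable key material in it) and the
    data-encryption key (DEK) that encrypts the budget data."""
    salt, challenge, dek = os.urandom(16), os.urandom(32), os.urandom(32)
    kek = derive_kek(password, salt, token_response(device_secret, challenge))
    record = {"salt": salt, "challenge": challenge, "wrapped_dek": wrap_dek(kek, dek)}
    return record, dek


def unlock(record: dict, password: str, token_reply: bytes) -> bytes:
    kek = derive_kek(password, record["salt"], token_reply)
    return unwrap_dek(kek, record["wrapped_dek"])


def can_unlock(record: dict, password: str, token_reply: bytes) -> bool:
    try:
        unlock(record, password, token_reply)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    record, dek = enroll("correct horse battery staple", b"secret-burned-into-token-A")
    reply = token_response(b"secret-burned-into-token-A", record["challenge"])
    assert unlock(record, "correct horse battery staple", reply) == dek
    # Attacker holding a full server dump plus the password, but no token:
    assert not can_unlock(record, "correct horse battery staple", b"\x00" * 32)
    print("TOTP at t=59:", totp(b"12345678901234567890", 59), "at t=89:", totp(b"12345678901234567890", 89))
```

The design choice this illustrates is the difference between MFA as a login gate (which a backend compromise bypasses) and a second factor that is an input to the key: in the latter case the record the server holds is useless without the token's reply. The cost is recovery: lose the token and the password and the data is gone unless a recovery key is escrowed somewhere, and the server can no longer do anything with the data on the user's behalf (no server-side direct import into an encrypted budget), which is why few hosted services build it this way.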
      • Brad Hull (Since YNAB Pro), 3 mths ago:

      Coral Battery, thank you, very well said. There are a lot of very insecure, anxious people these days, but it is also probable that they will draw the attention of those trolling for easy victims, though I don't think most have much more than lots of credit card debt; like Texans say, big hat, no cattle. Calm down. Going through your trashed paperwork would be a much easier way to get sensitive information.

  • Maybe it's because I am a baby boomer and a little old fashioned, but this is a non-issue for me. I love YNAB, but would never trust my details to go anywhere unencrypted. As a result I have my YNAB set up with unlinked accounts. I do manual imports when I want to reconcile to my bank account. The data inside of my YNAB budget is very anonymized and honestly, if someone hacked my account, I doubt they would even be able to determine my name.  None of my budget accounts contain any account information, user names or passwords. I keep all of that type of detail in an encrypted KeePass file. Heck, even my account names in my budget are fairly generic like "checking", "savings", "401K", etc.  I really don't have to worry too much about YNAB security as a result, and I lose nothing in the process except automatic importing of transactions. But the CPA in me is not comfortable with that anyway. I like to tick and tie to the bank statement. And because I reconcile every couple of days, the effort is not huge. YMMV, but this works for me.
