Egregious Missing Feature Request: Multi-factor Authentication (MFA)
It is 2018, why don't you support MFA?
Yes, a "passcode" would be a step in the right direction. But without any details, the word "passcode" is just that, not a real MFA solution.
The response about a passcode "it's in the works!" was posted 5 months ago. In the modern age of CI/CD, the fact that you haven't produced an initial passcode solution is concerning. As in very concerning.
I would like to also encourage you to research providing support for a Yubi Key solution. As a side note, Google now requires all of their employees to use a MFA key solution, very similar to Yubi Key. And your developers can find all that they need to know here:
Additional features around important security practices should really be at the top of your development list.
Thanks for your consideration.Reply
Still amazingly tone-deaf. I am not talking about importing data or my bank account numbers.
The budget data itself is incredibly sensitive personal data, including all transactions that have been imported for every credit card purchase and bank transaction. This is protected *only* by a simple password. This is NOT SAFE.
As the OP suggested, this is completely unacceptable and irresponsible in today's day and age. Every other financial site has MFA through either a phone text verification code, google authentication, or something similar.
YNAB used to be a desktop app. YNAB forced our data into the cloud so they could collect a monthly subscription fee, then completely failed to protect our data in the cloud.
As you can see, they still don't even acknowledge that there is a problem.Reply
Herman Imported transaction data contains lots of neat things like: where your kids go to school, where they go to daycare and camp, what kind of car you drive, the names of the doctors and hospitals you visit, who your insurance company is, names of the financial institutions that you have accounts with, where you were every day for the last few years, where you like to shop and eat (and when), how much you paid in taxes, how much money you make each month, all of your favorite charities, who is your mortgage provider and payment. where and when you like to take vacations, to name just a few.
If you think there's no risk, would you consider scanning in all of your financial statements for the last 3 years, and post them here (after scratching out your account number)? Probably not a good idea.Reply
Ahhh, it was as exactly I expected: a disingenuous question from a well-informed person, that already knew the answer and had a solidly formed opinion. This was very clear from the tone of your original question - as you were not really asking "to be educated". All of the information I mentioned has a very good possibility of being in many peoples accounts - and I didn't even scratch the surface as you are well aware.
Herman If you remain so confident in the lack of risk, why haven't you scanned in your bank/credit card statements from the last three years and posted them here (scratching out the account numbers, names and addresses). Or simply export your budget and all transactions from YNAB to excel and post here. What could anyone possibly do with it?
I suspect that you are well aware of the risks, and won't post your data, but are choosing to play down the risks in defense of YNAB.
It is a shame that YNAB also plays down the risks. If MFA isn't important, then their internal security protocols are not important. It's the same attitude that so many companies have until there is a hack or data theft and everyone's very personal data is released. Then all of the sudden we will hear things like "We take security very seriously at YNAB and will take all appropriate steps to ensure that this does not happen again". Responsible companies do the right thing before it happens.Reply
I also agree that the information in YNAB is confidential, above and beyond the banking integration credentials.
Optional MFA would be one great way to alleviate a lot of concerns.
First big reason: identity fraud
- When I phone my bank's customer support, they verify my identity with a set of questions. The answers to some of the questions can be guessed from the data in my YNAB. For example, the bank asks "name two account types that you have with us", and your YNAB accounts may be named after their bank account products.
- If you are the victim of identity fraud, your YNAB budget may reveal the existence of investments that the fraudster may not have been aware of before. Now those can become targets of fraudulent withdrawal transactions made in your name.
Second big reason: privacy
- Most your coworkers and bosses are pro-choice, but you donate to a pro-life charity. Or the other way around.
- You're a paid subscriber of the "Seattle Antifa" or "Proud Boys Texas" or "The Swinging Life" or "Traditionalist Marriage" podcasts.
- Consultations at urology clinics. Fertility treatments. Porn. Other transactions that may be embarrassing if they leaked out.
Third big reason: peace of mind
- Since YNAB's data lives in the general vicinity of your finances, there's always going to be some concern. Without MFA, you have to think really hard whether there's something you overlooked that a criminal could misuse, and you'll always worry that you overlooked something, since you're not a security professional.
- I'd rather have MFA and realise I don't need it, than not have it and realise too late I needed it.
Herman , does this answer your question?Reply
I can't second this strong enough! To everybody who has posted here: please send your 2FA/MFA requests to the proper ynab channel. This needs to happen asap. https://docs.google.com/forms/d/e/1FAIpQLSfNVCZCXFaokj9PjsnKXDau5-F2-cu-rdK9AgrBkdAa_xgjww/viewformReply
shukhov I am afraid that it is hopeless. Done that before. When YNABs best response in this thread brags that "Our password policy does not allow the top 1,000 passwords." is a serious modern security policy and an app passcode is a solution, it's clear that they don't appreciate scope of the problem. I've been requesting this feature since they forced us into the cloud (and started charging recurring fees). They just do't get it. It's a decent product, and I've given them all the leeway I can, but sad that they just want to collect the fees without investing in the product. Will cancel and start fresh in 2019 with something else.Reply
If "passcode authentication" means that our YNAB accounts will now have both a PIN and a password, I have to give it a vehement thumbs down.
For security-savvy users, there is no benefit to requiring a 5 digit PIN alongside your password that you don't get by just making your password a few characters longer. And security savvy users tend to user better passwords anyway, since they tend to be more likely have the infrastructure in place to manage their passwords better.
For security naive users, adding a PIN is just a BDSM way to force them to use stronger passwords. But since these users tend to struggle with passwords more anyway, they'll just end up using 12345 as PIN, and the whole exercise is now of dubious value but definite annoyance.Reply