Two-factor authentication

šŸŒŸFeatures
#21

Dear All,
first of all, many thanks to @ Art_Stnk for bringing up this topic. I gather from the earlier correspondence that the present conversation is the latest on the topic of 2FA, so I thought that I would add my two centsā€™ worth here. I have nothing to contribute on the earlier discussion as far as the technical aspects are concerned - I simply want to second Art_Stnkā€™s request for a proper, stand-alone 2FA procedure. I am considerably restricted in my use of Dynalist as long as I cannot protect my account with 2FA and I hope that this feature becomes available soon. Dynalist is a powerful tool, but the missing 2FA means that I am constantly looking for alternatives that I would also be able to use professionally.

Kind regards
Knut

1 Like
#22

Like many other users of Dynalist (218+ people right now) I would like a proper, stand-alone 2FA. Because I do not want to rely on Google/big tech for 2FA.

@Shida Could you also add support for U2F security keys for Dynalist 2FA? (Like the Yubikey)

1 Like
#23

I hope we never switch from Googleā€™s world-class artificially backed 2FA SSO with thousands of phD computer scientist security researcher eyes on itā€™s codebase. It will demand my yubikey just because I logged into dynalist in a new town. Itā€™s great. Or at least keep the option for those of us not jazzed about ever trusting some from-scratch reinvention of the wheel. There are other ways to protest big tech politics. At least ask for Apple SSO or Facebook SSO. What free 2FA codebase are you folks clamoring for? Cryptography isnā€™t something you want to ask any small programming team to implement themselves.

#24

We will likely be looking into time-based tokens (TOTP) for 2FA as a first step. Every company implements 2FA a bit differently, some with stricter restrictions (if you lose it, you lose access forever vs customer support can ā€œresetā€ your 2FA). Will think about it.

4 Likes
#25

#2fa

The most unhelpful feature ever made in humanity so far. if you lose anything with an account, you lose everything. Just look at the endless problem people have with google. Have 2fa turned off for everything. Anything with 2fa on by default, I run light years away.

#26

Really looking forward to native 2FA support being added to Dynalist. As a service which may store sensitive data, the lack of 2FA support is a major omission. Hopefully the work required is relatively minimal and support can be made available in the near future.

1 Like
#27

Just had te relog to Dynalist and Iā€™m reminded again how itā€™s the only sensitive service Iā€™m using that just instantly lets me login without TOTP.

On the off-chance something of mine gets leaked on my side (through malware or otherwise), Iā€™d really prefer my Dynalist to be kept secureā€¦

1 Like
#28

Just had te relog to Dynalist and Iā€™m reminded again how itā€™s the only sensitive service Iā€™m using that just instantly lets me login without TOTP.

Hey ditto!

#29

If you donā€™t want a non-2FA password login available donā€™t register one in the first place. Make a new dynalist account straight from Google 2FA SSO login. Done.

Google boycotters keep bumping this thread because they still refuse to use the Google SSO 2FA available to them :yawning_face: