email verification masquerading as 2FA

The email verification masquerading as 2FA is very inconvenient and relies on the customer to have access to their Pipedrive associated email account on the same device on which they are logging into Pipedrive. Competing applications are smarter and use Authenticator apps or push notifications. When will this be changed as it interrupts workflow and restricts access for those with valid credentials?

3
3 votes

· Last Updated -

Comments

  • Andre Vill
    Andre Vill Posts: 138
    100 Comments Second Anniversary 5 Likes First Answer
    edited April 2022 #2

    I 100% agree with this. I am using 2FA from my phone most of the time for other apps and our company employees don't have access to our email domain inbox, so if our Pipedrive asks for any verification, it's pretty much a waiting game until our CEO or Technical supervisor allows us access to Pipedrive again. So a connection to Authenticator App should be a MUST!

  • 100% agree. Integration with Google Authenticator or similar app would be much more convenient. Also, remembering a device and verification of 2FA only from time to time (e.g. once a week/month) would be good as well.

  • With the ever-increasing sophistication of phishing attacks using malicious links in emails this method of 2FA has become outdated. I use push notifications or authentication apps for most 2FA scenarios now.

  • RI
    RI Posts: 15
    10 Comments

    A large % of the issue would be solved by allowing the link to be opened on a browser or device other than the one the user is trying to log in on. eg, logging in on computer but opening link from email on phone.


  • Hello, we added workaround where you can use email link as OTP. If its opened in browser you can use copy button and when returned to Pipedrive app you will see button to continue the sign in.