email verification masquerading as 2FA
The email verification masquerading as 2FA is very inconvenient and relies on the customer to have access to their Pipedrive associated email account on the same device on which they are logging into Pipedrive. Competing applications are smarter and use Authenticator apps or push notifications. When will this be changed as it interrupts workflow and restricts access for those with valid credentials?
Comments
-
I 100% agree with this. I am using 2FA from my phone most of the time for other apps and our company employees don't have access to our email domain inbox, so if our Pipedrive asks for any verification, it's pretty much a waiting game until our CEO or Technical supervisor allows us access to Pipedrive again. So a connection to Authenticator App should be a MUST!
0 -
100% agree. Integration with Google Authenticator or similar app would be much more convenient. Also, remembering a device and verification of 2FA only from time to time (e.g. once a week/month) would be good as well.
0 -
With the ever-increasing sophistication of phishing attacks using malicious links in emails this method of 2FA has become outdated. I use push notifications or authentication apps for most 2FA scenarios now.
0 -
Hello, we added workaround where you can use email link as OTP. If its opened in browser you can use copy button and when returned to Pipedrive app you will see button to continue the sign in.
0 -
TOTP from a password manager / authenticator app is required please.
I would be disappointed if the improvement is only a OTP text message sent to a mobile phone 😑 TOTP are so much quicker to log in with instead of waiting for a 3rd party service to send you something.
1 -
Agree with @Richard that proper TOTP is something that should be in place. Also, now that Passkeys are a thing, maybe Pipedrive should jump a bit ahead of the curve and offer that as login method, as it greatly simplifies everything related to password management?!
0
