Happy Business Starts Here

2FA

Extend 2FA so that it doesn't just rely on the user having a mobile device, whether via SMS or authenticator app. This could be easily achieved by sending something by email. 

 

The reason this is important is that in call centres, mobile phones are not permitted due to PCI compliance issues. It would be better to have a solution that allowed more rigorous security without a user requiring a mobile device/

2 Comments
Zuora Product Team
Status changed to: Unlikely

Hi @paulsidhu, I discussed this with security, and the concern is that if the e-mail account is compromised of the user, then the hacker will have both the password and the token... Perhaps support for a dedicated hardware device instead?

New Student

Hi Lukasz, the challenge for call centres users is that they are not permitted to have a mobile device for PCI compliance reasons. I assume there would be other means to achieve the same goal (e.g. Yubikeys, etc).