Zuora Logo

Happy Business Starts Here

2FA

2FA

Status: Unlikely Submitted by New Student on ‎02-03-2017 12:35 AM
2 Comments (2 New)

Extend 2FA so that it doesn't just rely on the user having a mobile device, whether via SMS or authenticator app. This could be easily achieved by sending something by email. 

 

The reason this is important is that in call centres, mobile phones are not permitted due to PCI compliance issues. It would be better to have a solution that allowed more rigorous security without a user requiring a mobile device/

2 Comments
lukasz
Zuora Product Team
Zuora Product Team
‎02-08-2017 11:52 AM
‎02-08-2017 11:52 AM
Status changed to: Unlikely

Hi @paulsidhu, I discussed this with security, and the concern is that if the e-mail account is compromised of the user, then the hacker will have both the password and the token... Perhaps support for a dedicated hardware device instead?

paulsidhu
New Student
New Student
‎04-19-2017 03:47 AM
‎04-19-2017 03:47 AM

Hi Lukasz, the challenge for call centres users is that they are not permitted to have a mobile device for PCI compliance reasons. I assume there would be other means to achieve the same goal (e.g. Yubikeys, etc).