Add Two Factor Authentication

Completed

Comments

18 comments

  • Avatar
    mmmnnn02

    According to this http://engineering.opendns.com/2014/05/22/launching-two-step-verification/ we should be able to now use this!

    0
    Comment actions Permalink
  • Avatar
    Patrick Colford

    Yes! Two Factor Auth is live for Enterprise accounts, and we are more than happy to help people enable it.

    -5
    Comment actions Permalink
  • Avatar
    scotthilt

    While I applaud you for enabling 2-Factor on enterprise accounts, when do the rest of us get this?

    3
    Comment actions Permalink
  • Avatar
    mattwilson9090

    By rest of us do you mean the non-Enterprise pay services, or the free service as well?

    0
    Comment actions Permalink
  • Avatar
    scotthilt

    I mean ALL OpenDNS accounts. Account security is so important that it should supersede pay or free services. It should be a basic offering to all users.

    5
    Comment actions Permalink
  • Avatar
    rotblitz

    Would you have expected an update?  Why?

    -4
    Comment actions Permalink
  • Avatar
    crossadmin

    I use OpenDNS Home Vip and I don't see any option for 2FA. Why isn't that supported in the free plan? Do I have to purchase a business account as single user to get better security? Really?

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    What is this "better security" with 2FA in conjunction with OpenDNS Home VIP?  Or better: what are the security risks associated with having no 2FA?
    (You don't need to know the answer to this question, but if you don't know, don't care.)

    -4
    Comment actions Permalink
  • Avatar
    glenn2

    6 years later and 2FA still isn't available outside of enterprise accounts. Security should not be a "feature", security should be standard. 

    1
    Comment actions Permalink
  • Avatar
    rotblitz

    What are the security risks if any?

    0
    Comment actions Permalink
  • Avatar
    glenn2 (Edited )

    Many. One could immediately get the IP address of an organization and start scanning the ports. One could turn off security settings and blocked domains which means all devices/endpoints on that network can now connect to everything that was supposed to be blocked.

    Looking at the logs, you can see all of the domains that are being connected to. This could easily paint a picture of what other businesses that business works with. With that knowledge, spear phishing would be a lot easier to craft. As for privacy, it would be same as allowing someone to look at your browser history without you even knowing. 

    There is a reason why Google, Apple, Microsoft, Facebook, Twitter, Banks, Brokerages, Utilities, Governments, and Hospitals (to name a few) use 2FA. 

    The millions of users who loose control of accounts everyday could be prevented if they had an additional layer of protection. This is referred to as defense-in-depth

    https://www.us-cert.gov/bsi/articles/knowledge/principles/defense-in-depth

    2
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    In contrast to your first post where you said "2FA still isn't available outside of enterprise accounts", you are now talking about an enterprise account setting with arguments not really applicable for the private free services.  For Umbrella, Prosumer and the free DNS Monitoring service 2FA is available since mid 2014 already.

    That is why this idea is being marked as "completed".  It was related to the Umbrella service for businesses.

    0
    Comment actions Permalink
  • Avatar
    mmmnnn02 (Edited )

    I think the argument should be why should any offering by OpenDNS NOT come with 2FA? rotblitz if it is marked "complete" on the technicality of "it was related to the Umbrella service for businesses" can you point us to the appropriate place for submitting the request to add 2FA for all OpenDNS account types?

    FWIW, I have not found a way to turn on 2FA for my "Household" account, so if there is a way, please point me to the instructions.

    0
    Comment actions Permalink
  • Avatar
    glenn2
    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    @mmmnnn02

    A place for submitting a request for a free service?  None!  You cannot request something for a free service.  You just can provide your wishes in the idea bank.

    And no, for the free OpenDNS Home services there is definitely no 2FA.  And I as user do not see a need for it and would not use it anyway.  I want to quickly access my account.  And the risks are less than minimal with a complex password and a user ID (email address) not being known to anyone.

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    @glenn2

    What did I close?  I do not have the power to close anything...

    "Your IP is exposed under the "settings" tab, and under "stats" are the domains & IP's that were connected to."

    Yes, this is what you probably want.  What are the security risks?  If you don't want it, disable logs and stats, or delete your dashboard network.

    And I'm affiliated with OpenDNS probably as you are.  In no way.

     

    0
    Comment actions Permalink
  • Avatar
    glenn2

    "closed" meaning the thread is marked "completed".

    "If you don't want it, disable logs and stats, or delete your dashboard network."

    The security risks I thoroughly explained already. And of course if I disable everything and cancel the account then there wouldn't be an OpenDNS account to hack. But that defeats the purpose of having OpenDNS and the security & content filtering. 

    Having 2FA, the user can toggle it on/off as they choose. You prefer not to and that's ok. 

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "closed" meaning the thread is marked "completed".

    I also do not have the power to mark a thread in such a way.  As I said, I have the same power as you have.

    It has been marked by staff, probably this:
    https://support.opendns.com/hc/en-us/community/posts/220015847/comments/224533127

    0
    Comment actions Permalink

Please sign in to leave a comment.