Please add MFA to your site. You have financial data and private user information on user accounts. I have no idea why you are not using basic levels of security to ensure users protection. Please implement immediately.
I would love to see an option to use two factor authentication (2FA) my Logos account.
While few crooks would want to steal an account, but they could take over your account and hold it hostage or destroy it's content/notes.
Is this a possiblity in the near future?
Thanks!
For sure. I would at least like the option to opt in to 2FA. When you invest thousands into an account, you'd like to think it's at least a little more secure than a password.
Hello,
Is there a plan to add multi-factor authentication security to account logins?
Any type of MFA, even email, would be better than nothing.
Why does this not exist?
This should be the absolute #1 priority of the dev team over all other things. How could not be available yet with accounts that have THOUSANDS and sometimes TEN OF THOUSANDS of dollars spent in them?
Up!
Temp solution : https://www.logos.com/account/devices is available for checking devices logged in to account.
Actually, for me, nothing is better … best. Would I want MFA on Word? Excel? No way. Verbum is similarly a tool from which a hacker would find nothing of commercial value. I have many other issues I would rather have Logos spend their development dollars on.
@Alex Bowsher To help us prioritize this suggestion, can you explain the threat model where 2FA would help secure your Logos account?
I would have to disagree completely here. Your response is extremely assumptive. Just to name a few things…
Also and probably most importantly… a program like this can be intimate in nature, especially when it comes to studying and breaking down your core beliefs… there are plenty of revealing Notes / Thoughts within Logos accounts... With social engineering and AI this could be a great spot to know the most you can about someone… especially since there is no 2FA. YOU might not care if someone gets into your Word or Excel accounts… but majority of people would care… A LOT. This is a rudimentary security measure in the modern age. It is not even questioned elsewhere.
Hey @Bradley Grainger (Logos),
Not 100% certain this is what you are asking for here.. but here is a quick rundown on why it would help:
Risks:
How 2FA would help:
If you are looking for a WHY for Logos.. see my response to MJ. Smith above.
Thank you
What's the threat model for your account? (I assume you're proposing opt-in 2FA, not mandatory 2FA for all Logos users.)
Are you using a "weak or reused password"?
I am struggling to understand what you mean by "threat model" here.
Yes, I am proposing opt-in 2FA, not mandatory 2FA for all Logos users. This is similar most other Auth offerings within online applications.. However.. there are a lot of services that do require it of their users, and if not, they require it in certain instances (as I assume you are aware of).
Here is one example of a good practice required 2FA instance: Required 2FA when signing into your account on a new / unrecognized device.. the main / most common method being email code since email is required for majority of services and this helps secure accounts in this way.
"Are you using a "weak or reused password"?" - I am really not sure why this would be a relevant point in this conversation as:
1. There are many users asking for this feature.
2. It makes no difference if I personally am using a weak or reused password.
3. This is a common, standard, and basic service application practice in the modern age.
4. This also could help prevent data leaks on not on the user side but for Logos as well.
If you are asking why Logos needs to add 2FA given the current functionality.. Yes, weak or reused passwords is a massive part of it. Users should not have only one method of authentication. Logos should want to implement this feature for the event that I or all of their users are using a weak or reused password.
Also, majority of Auth providers (Auth0, Firebase, Cognito, Clerk, AWS, Supabase, etc..) handle these implementations for you.. it is simply a checkbox if you want to allow your users to have 2FA options and you can limit which ones you want them to have access to. Obviously, I do not know what the authentication infrastructure looks like currently and have no idea how easy it would be to add this.. but in modern platforms it is rather simple.
If I am not fully answering your question.. please let me know. I am happy to expand on it.
Lastly, I am really baffled on why there is a need for this much justification with such a simple and standard feature in today's security landscape. This not only protects users but Logos itself.
Thank you,
I'm not against 2FA but a Logos threat model has had difficulty in identifying/describing over the years (in concert with internal FL processes).
Car manufacturer Volvo was recently attacked. The attack effectively shut down their entire operation.
In this one article at Fox News, it also mentions other recent attacks on a steel maker, grocery chain, insurance companies, and airlines.
In other words, anything online that is not secure is a potential target.
Here is what I found interesting … after the attack the company issued a common statement which we hear in the news all the time:
The company said there isn’t any evidence to date that customer data was stolen, and it is "working at pace to restart our global applications in a controlled manner."
but a google search returned a website that monitors and reports on dark web activity shows the personal info including SS numbers of over 20,000 employees in northern US were obtained in the attack.
I know the OP here was more concerned with individual accounts, and I agree. 2FA is a minimum that should already be in use.
What I do not know is how secure is the entire system at Logos? If I had to guess, it is all probably built on Microsoft or Amazon technology. It is possible that Logos servers are secure from cyber-ware and ransomeware attacks. But as an end user I have no information on how secure.
Previous threads have discussed the lack of end to end encryption, and the lack of 2FA does raise suspicion that nobody is guarding the henhouse. I would have hoped that Bradley would already know the threat exposure.
As to the mention of Word and Excel, they both have file level encryption as an option, and both can be saved to a secure Microsoft account. Microsoft forces you to use a one drive account which is secure if you have certain versions of office, and saving locally is not even an option. So what was the relevance to the conversation here?
And again, exactly what is the Logos threat that 2FA would reduce (again not questioning 2FA per se):
These seem the risks. Vs costs?
In another thread, users expressed concern over lack of privacy of their personal notes.
If defining risk as simply financial loss, I can see why there is little concern.
I personally am not concerned about a lack of encryption or privacy in Logos because I have no intention of ever using it to store personal or private data. But
Just to name a few things…
Also and probably most importantly… a program like this can be intimate in nature, especially when it comes to studying and breaking down your core beliefs… there are plenty of revealing Notes / Thoughts within Logos accounts... With social engineering and AI this could be a great spot to know the most you can about someone… especially since there is no 2FA.
… read my post above.
Edit.. misread.
I was reading through Charles Stanley's Handbook for Christian Living tonight. I noticed it has some concise yet useful articles on various counseling topics, but it doesn't appear in the Counseling Guide yet. This might be a good one to add to the Counseling Guide as another resource.
Please allow us to access, read, search, etc. our personal (user-created) books on the mobile app.
I have recently completed a MS in Learning Design and have been thinking of ways to incorporate learning theories into the preaching and discipleship ministries of the church. I think it would be helpful if Logos could develop an AI tool into its platform that would allow users to upload a sermon manuscript and then ask…
Passage lists have a lot of potential, but it presently feels more like a beta feature or at least a feature that is too simple. Other feature additions that would be super helpful would be adding the ability to add a note to the list as a whole and freedom to add notes to individual passages (also perhaps a title and…
Make it easier to insert a verse/passage at a precise place in the passage list instead of automatically adding it to the bottom of the list. Allow me to right-click on a passage already in the passage list and click "insert passage", similar to the "insert heading" option. The passage then gets inserted above the…
