Please add MFA to your site. You have financial data and private user information on user accounts. I have no idea why you are not using basic levels of security to ensure users protection. Please implement immediately.
I would love to see an option to use two factor authentication (2FA) my Logos account.
While few crooks would want to steal an account, but they could take over your account and hold it hostage or destroy it's content/notes.
Is this a possiblity in the near future?
Thanks!
For sure. I would at least like the option to opt in to 2FA. When you invest thousands into an account, you'd like to think it's at least a little more secure than a password.
Hello,
Is there a plan to add multi-factor authentication security to account logins?
Any type of MFA, even email, would be better than nothing.
Why does this not exist?
This should be the absolute #1 priority of the dev team over all other things. How could not be available yet with accounts that have THOUSANDS and sometimes TEN OF THOUSANDS of dollars spent in them?
Up!
Temp solution : https://www.logos.com/account/devices is available for checking devices logged in to account.
Actually, for me, nothing is better … best. Would I want MFA on Word? Excel? No way. Verbum is similarly a tool from which a hacker would find nothing of commercial value. I have many other issues I would rather have Logos spend their development dollars on.
@Alex Bowsher To help us prioritize this suggestion, can you explain the threat model where 2FA would help secure your Logos account?
I would have to disagree completely here. Your response is extremely assumptive. Just to name a few things…
Also and probably most importantly… a program like this can be intimate in nature, especially when it comes to studying and breaking down your core beliefs… there are plenty of revealing Notes / Thoughts within Logos accounts... With social engineering and AI this could be a great spot to know the most you can about someone… especially since there is no 2FA. YOU might not care if someone gets into your Word or Excel accounts… but majority of people would care… A LOT. This is a rudimentary security measure in the modern age. It is not even questioned elsewhere.
Hey @Bradley Grainger (Logos),
Not 100% certain this is what you are asking for here.. but here is a quick rundown on why it would help:
Risks:
How 2FA would help:
If you are looking for a WHY for Logos.. see my response to MJ. Smith above.
Thank you
What's the threat model for your account? (I assume you're proposing opt-in 2FA, not mandatory 2FA for all Logos users.)
Are you using a "weak or reused password"?
I am struggling to understand what you mean by "threat model" here.
Yes, I am proposing opt-in 2FA, not mandatory 2FA for all Logos users. This is similar most other Auth offerings within online applications.. However.. there are a lot of services that do require it of their users, and if not, they require it in certain instances (as I assume you are aware of).
Here is one example of a good practice required 2FA instance: Required 2FA when signing into your account on a new / unrecognized device.. the main / most common method being email code since email is required for majority of services and this helps secure accounts in this way.
"Are you using a "weak or reused password"?" - I am really not sure why this would be a relevant point in this conversation as:
1. There are many users asking for this feature.
2. It makes no difference if I personally am using a weak or reused password.
3. This is a common, standard, and basic service application practice in the modern age.
4. This also could help prevent data leaks on not on the user side but for Logos as well.
If you are asking why Logos needs to add 2FA given the current functionality.. Yes, weak or reused passwords is a massive part of it. Users should not have only one method of authentication. Logos should want to implement this feature for the event that I or all of their users are using a weak or reused password.
Also, majority of Auth providers (Auth0, Firebase, Cognito, Clerk, AWS, Supabase, etc..) handle these implementations for you.. it is simply a checkbox if you want to allow your users to have 2FA options and you can limit which ones you want them to have access to. Obviously, I do not know what the authentication infrastructure looks like currently and have no idea how easy it would be to add this.. but in modern platforms it is rather simple.
If I am not fully answering your question.. please let me know. I am happy to expand on it.
Lastly, I am really baffled on why there is a need for this much justification with such a simple and standard feature in today's security landscape. This not only protects users but Logos itself.
Thank you,
I'm not against 2FA but a Logos threat model has had difficulty in identifying/describing over the years (in concert with internal FL processes).
Car manufacturer Volvo was recently attacked. The attack effectively shut down their entire operation.
In this one article at Fox News, it also mentions other recent attacks on a steel maker, grocery chain, insurance companies, and airlines.
In other words, anything online that is not secure is a potential target.
Here is what I found interesting … after the attack the company issued a common statement which we hear in the news all the time:
The company said there isn’t any evidence to date that customer data was stolen, and it is "working at pace to restart our global applications in a controlled manner."
but a google search returned a website that monitors and reports on dark web activity shows the personal info including SS numbers of over 20,000 employees in northern US were obtained in the attack.
I know the OP here was more concerned with individual accounts, and I agree. 2FA is a minimum that should already be in use.
What I do not know is how secure is the entire system at Logos? If I had to guess, it is all probably built on Microsoft or Amazon technology. It is possible that Logos servers are secure from cyber-ware and ransomeware attacks. But as an end user I have no information on how secure.
Previous threads have discussed the lack of end to end encryption, and the lack of 2FA does raise suspicion that nobody is guarding the henhouse. I would have hoped that Bradley would already know the threat exposure.
As to the mention of Word and Excel, they both have file level encryption as an option, and both can be saved to a secure Microsoft account. Microsoft forces you to use a one drive account which is secure if you have certain versions of office, and saving locally is not even an option. So what was the relevance to the conversation here?
And again, exactly what is the Logos threat that 2FA would reduce (again not questioning 2FA per se):
These seem the risks. Vs costs?
In another thread, users expressed concern over lack of privacy of their personal notes.
If defining risk as simply financial loss, I can see why there is little concern.
I personally am not concerned about a lack of encryption or privacy in Logos because I have no intention of ever using it to store personal or private data. But
Just to name a few things…
Also and probably most importantly… a program like this can be intimate in nature, especially when it comes to studying and breaking down your core beliefs… there are plenty of revealing Notes / Thoughts within Logos accounts... With social engineering and AI this could be a great spot to know the most you can about someone… especially since there is no 2FA.
… read my post above.
Edit.. misread.
Every time I turn on Logos to use, it should save my settings. For example, when I check the DASHBOARD icon to hide the Home Page it should stay Hidden or Off, until I check it again to turn it on. It should stay that way as long as the program is running on my computer. When I'm done for that session, and close Logos, It…
For example, it is remarkable (in a bad way), that we still cannot do a simple search with a filter. For example, maybe I want to search Luther for "union". One would think it would be as simple as typing union author:Luther In fact, 15 years ago, this was already (incorrectly) suggested as the solution to a similar post.…
NOW it 2-3 clicks. 1.Click view to get the right bar to show 2. click the Greek Hebrew letters 3. select on/off BEFORE ONE click the Greek Hebrew letters hit the down arrow to options what one want to see why take it from a simple one click to 2-3 clicks? why take it from simple to complex?
It is great being able to create a passage list around a particular topic. It would be more helpful if after making a passage list, you are able to add comments under each individual passage so that you can commment/have a note explaining how that passage relates to the topic.
Source: Goswell, Gregory. Text and Paratext: Book Order, Title, and Division as Keys to Biblical Interpretation. Lexham Academic, 2023. Yes, I know I could make one but I'd do so quoting the text and then questioning if I was stretching "fair use". If Logos makes an official workflow, they know the legal ins and outs … and…
