Please add MFA to your site. You have financial data and private user information on user accounts. I have no idea why you are not using basic levels of security to ensure users' protection. Please implement immediately.
I would love to see an option to use two factor authentication (2FA) on my Logos account.
While few crooks would want to steal an account, they could take over your account and hold it hostage or destroy its content/notes.
Is this a possibility in the near future?
Thanks!
For sure. I would at least like the option to opt in to 2FA. When you invest thousands into an account, you'd like to think it's at least a little more secure than a password.
Hello,
Is there a plan to add multi-factor authentication security to account logins?
Any type of MFA, even email, would be better than nothing.
Why does this not exist?
This should be the absolute #1 priority of the dev team over all other things. How could it not be available yet with accounts that have THOUSANDS and sometimes TENS OF THOUSANDS of dollars spent in them?
Up!
Temp solution: https://www.logos.com/account/devices is available for checking devices logged in to account.
Actually, for me, nothing is better … best. Would I want MFA on Word? Excel? No way. Verbum is similarly a tool from which a hacker would find nothing of commercial value. I have many other issues I would rather have Logos spend their development dollars on.
@Alex Bowsher To help us prioritize this suggestion, can you explain the threat model where 2FA would help secure your Logos account?
I would have to disagree completely here. Your response is extremely assumptive. Just to name a few things…
Also and probably most importantly… a program like this can be intimate in nature, especially when it comes to studying and breaking down your core beliefs… there are plenty of revealing Notes / Thoughts within Logos accounts... With social engineering and AI this could be a great spot to know the most you can about someone… especially since there is no 2FA. YOU might not care if someone gets into your Word or Excel accounts… but majority of people would care… A LOT. This is a rudimentary security measure in the modern age. It is not even questioned elsewhere.
Hey @Bradley Grainger (Logos),
Not 100% certain this is what you are asking for here.. but here is a quick rundown on why it would help:
Risks:
How 2FA would help:
If you are looking for a WHY for Logos.. see my response to MJ. Smith above.
Thank you
What's the threat model for your account? (I assume you're proposing opt-in 2FA, not mandatory 2FA for all Logos users.)
Are you using a "weak or reused password"?
I am struggling to understand what you mean by "threat model" here.
Yes, I am proposing opt-in 2FA, not mandatory 2FA for all Logos users. This is similar to most other Auth offerings within online applications.. However.. there are a lot of services that do require it of their users, and if not, they require it in certain instances (as I assume you are aware of).
Here is one example of a good practice required 2FA instance: Required 2FA when signing into your account on a new / unrecognized device.. the main / most common method being email code since email is required for majority of services and this helps secure accounts in this way.
"Are you using a "weak or reused password"?" - I am really not sure why this would be a relevant point in this conversation as:
1. There are many users asking for this feature.
2. It makes no difference if I personally am using a weak or reused password.
3. This is a common, standard, and basic service application practice in the modern age.
4. This also could help prevent data leaks not only on the user side but for Logos as well.
If you are asking why Logos needs to add 2FA given the current functionality.. Yes, weak or reused passwords is a massive part of it. Users should not have only one method of authentication. Logos should want to implement this feature for the event that I or all of their users are using a weak or reused password.
Also, majority of Auth providers (Auth0, Firebase, Cognito, Clerk, AWS, Supabase, etc..) handle these implementations for you.. it is simply a checkbox if you want to allow your users to have 2FA options and you can limit which ones you want them to have access to. Obviously, I do not know what the authentication infrastructure looks like currently and have no idea how easy it would be to add this.. but in modern platforms it is rather simple.
If I am not fully answering your question.. please let me know. I am happy to expand on it.
Lastly, I am really baffled on why there is a need for this much justification with such a simple and standard feature in today's security landscape. This not only protects users but Logos itself.
Thank you,
I'm not against 2FA but a Logos threat model has had difficulty in identifying/describing over the years (in concert with internal FL processes).
Car manufacturer Volvo was recently attacked. The attack effectively shut down their entire operation.
In this one article at Fox News, it also mentions other recent attacks on a steel maker, grocery chain, insurance companies, and airlines.
In other words, anything online that is not secure is a potential target.
Here is what I found interesting … after the attack the company issued a common statement which we hear in the news all the time:
The company said there isn’t any evidence to date that customer data was stolen, and it is "working at pace to restart our global applications in a controlled manner."
but a Google search returned a website that monitors and reports on dark web activity shows the personal info including SS numbers of over 20,000 employees in northern US were obtained in the attack.
I know the OP here was more concerned with individual accounts, and I agree. 2FA is a minimum that should already be in use.
What I do not know is how secure is the entire system at Logos? If I had to guess, it is all probably built on Microsoft or Amazon technology. It is possible that Logos servers are secure from cyber-ware and ransomware attacks. But as an end user I have no information on how secure.
Previous threads have discussed the lack of end to end encryption, and the lack of 2FA does raise suspicion that nobody is guarding the henhouse. I would have hoped that Bradley would already know the threat exposure.
As to the mention of Word and Excel, they both have file level encryption as an option, and both can be saved to a secure Microsoft account. Microsoft forces you to use a one drive account which is secure if you have certain versions of office, and saving locally is not even an option. So what was the relevance to the conversation here?
And again, exactly what is the Logos threat that 2FA would reduce (again not questioning 2FA per se):
These seem the risks. Vs costs?
In another thread, users expressed concern over lack of privacy of their personal notes.
If defining risk as simply financial loss, I can see why there is little concern.
I personally am not concerned about a lack of encryption or privacy in Logos because I have no intention of ever using it to store personal or private data. But
Just to name a few things…
Also and probably most importantly… a program like this can be intimate in nature, especially when it comes to studying and breaking down your core beliefs… there are plenty of revealing Notes / Thoughts within Logos accounts... With social engineering and AI this could be a great spot to know the most you can about someone… especially since there is no 2FA.
… read my post above.
Edit.. misread.
Dear Logos, please add 2FA to our accounts. I would rather not wake up to find some rogue theologian buying commentaries in my name.
If I didn't have so many precious books in Logos as well as my credit card info, I wouldn't be so concerned, but I am very surprised that Logos does not have a 2FA option to protect their customers from hackers. Please consider this! Thanks.
You may want to vote on this other thread about MFA/2FA.
Done, thank you for sharing. Unfortunately, I don’t think they’ll adopt MFA until they encounter a significant security issue / threat / incident. It seems Logos and its users may have to learn the hard way and that preventative security is not a priority for them. WILD to me.. but it is what it is.
One reason that it has not been given priority is that no one requesting it has shown what is at risk from the data breaches on the products. Additional security on the accounts and stores is a more obvious concern.
I have already explained it to you in detail in the main thread. You clearly do not understand this at all.
"Additional security on the accounts and stores is a more obvious concern." ← THIS IS WHAT MFA HELPS TO PROTECT.
The risk is blatantly obvious.
You clearly do not understand this at all.
Hmmm, having just spent Thanksgiving with one of the world's heavy-duty (Israeli military level heavy-duty) experts, I might beg to differ. But I think you misread my post which said such security on Logos/Proclaim solved no serious security issue. Security of accounts have a security risk for which 2FA is an appropriate addition.
Currently, my Logos account is worth more than my car. I have invested heavily in Logos to build a robust library. I am afraid that my account could be hacked and I could lose access to it. A criminal could very well steal the account, change the email and password, make purchases on my saved credit card, and sell the Logos account on internet forums. That is a legitimate reason for me to want 2FA.
They don't get it man. They really don't understand. It's wild.
That’s a strained hypo that real world hackers would never waste their time to exploit - too many other far more direct pathways to profit for them.
1. No one ever said it was the magic elixir and no one here is pretending. It's an obvious layer of protection that Logos refuses to acknowledge and implement. Insane.
2. There is much more data that could be accessed. I already detailed this out above in an earlier reply.
3. This comment assumes that the financial server does not have necessary protection already (which would be wild). Like there is a ton of work to do on that end still.... Also, this comment dismisses blatant data concerns in non MFA protected user accounts.
4. NO ONE IS ASKING FOR MANDATORY MFA. USERS ARE ASKING FOR THE OPTION TO USE IT FOR ADDITIONAL PROTECTION.
Again... just another person that does not understand the concern. Unfortunately this is a ticking time bomb that Logos will eventually have to learn the hard way with.
Attacks in this age are much more sophisticated and hyper targeted than they used to be. It is not far fetched at all that someone or AI bots would find a user's account they are trying to exploit and easily be able to target them with a phishing email, or use a known password leaked on a dark web list to gain access to a user's Logos account. Without MFA the user would not be protected in these scenarios and all of the data within their account could be accessed or used against them in other types of attacks.
Example: User uses Logos for personal notes and information about their life with the Bible Study feature. User adds notes on how they cheated on their wife or did something wrong (insert anything personally revealing). Attacker / Bots gain access to target's account (since there is no MFA) easily through phishing email or password list on darkweb. Attacker uses blackmailing techniques to leak personal info on a ransom. Which happens a lot to higher profile / known individuals.
AI attacks are extremely common now as tools like KawaiiGPT and WormGPT are widely and easily accessible.
Attacks like this happen every day. No one here is asking for the moon. This is being portrayed as some wildly heavy task like rebuilding all of Logos in a new coding language. Users are simply asking for an extra layer of protection to avoid attacks on our accounts as every other service in our lives already offers.
The reason I stated that is because you are missing the point entirely of what people are asking for in this thread. They / I are asking for MFA for this:
"Security of accounts have a security risk for which 2FA is an appropriate addition."
You agree with us.