[implemented] Two Factor Authenticator for Plex account

Yes sir they are making progress. Keep in mind that Plex has an established complex authentication mechanism that has to robustly deal with networks dropping out. So adding in 2FA has to be very well sorted out before we’ll see it.

Some good news, though, arrived from Apple. They added USB hardware key support for doing 2FA in the latest Safari to iPads, Phones, and Macs.

1 Like

That’s actually great news! Also, as a reminder to everyone: you can already enjoy full MFA benefits (including hardware keys like YubiKey) if you use your Google account with Plex.

2 Likes

Please add MFA/2FA ASAP. This is really needed these days. Plex has already suffered a breach that leaked user data.

https://www.plex.tv/blog/security-notice-forum-user-password-resets/

Can we make this happen in the near future?

Thank you

5 Likes

Hi Plex devs, I would love to see 2FA/MFA as a standard security feature for Plex. I am actually quite surprised that this feature is not already implemented given all of the robust (and awesome) features released to date.

In the advent of an ever-connected world, the virtual and physical security access layers to isolate and secure access are slim to none. A single password in isolation is simply insufficient to adequately protect cloud connected accounts, secondary layers of authentication are necessary to protect accounts in 2020 and beyond.

*Bonus points for app-based software authentication and USB tokens. SMS 2FA is meh.

1 Like

+1 for 2FA

1 Like

+1 for 2FA

1 Like

+1 for 2FA

1 Like

+1 for 2FA

1 Like

Alternatively include capability to use SQRL, thus eliminating need for passwords or MFA.
https://sqrl.grc.com/

SQRL, a virtually unknown proprietary niche security platform? No thanks lol. Lets stick to the well known and well used MFA standards out there first.

4 Likes

I wonder if one of the reasons for not implementing 2FA sooner was that this functionality was indirectly available if you chose to log in to Plex with a FaceBook or Google+ account.

But at what cost?

This scare should be enough for Plex to seriously consider implementing 2FA independently of third-parties providers, particularly the likes of FaceBook and Google+ that are notorious for making you opt-out rather than opt-in to their data collection services.

2 Likes

2FA would have no impact on a properly implemented third-party login process since it should be authenticating with the third party and then returning to lookup user data on plex-internal database, after which a 2FA prompt can be provided.

2FA would also have absolutely no impact on the issue you quoted and would not have stopped it happening.

2FA (or as some prefer MFA) is a fairly simple thing to implement from a web or mobile client perspective. Linking accounts via a one-time-passcode as is currently done on TV clients will continue to work as well since that link process is providing a session / user token and is done from an existing logged in device which will already have passed 2FA requirements.

Regarding @nibbles comment about Safari and USB hardware key support, this is nice to see but not a requirement for implementing a google authenticator-style 2FA process and Web Auth API doesn’t actually need a hardware key anyway, Chrome already supports using whatever hardware key you want like touch id etc if you don’t want to provide a USB key and have a device with biometrics enabled (most mid to upper-range modern phones, some laptops like macbook pros).

Even without the biometrics or using the web auth api, the google authenticator style OTP generators are very VERY easy to implement on to pre-existing auth processes.

3 Likes

+1 for 2FA

1 Like

+1000

1 Like

+1 for 2FA

Why is Plex ignoring the security of their clients? 2FA is needed!

3 Likes

How is this basic account security function not present yet? Not only is it common sense, it’s been a highly requested feature for years. I’ll likely not renew my pass out of principle if this continues to be ignored.

4 Likes

More then 4 years! This needs to happen.

2 Likes

No really. been more than six waiting for multi cut version of movies allowed and so far that has not been implemented. lol

1 Like

+1 would love to see this as well