Seeing as my Plex account just got compromised (someone started watching stuff with subtitles in a different language that I’m used to, and subscribed me to Tidal Premium), I think 2FA, or at least a better mechanism to let you know who logged in, and from where, would be much appreciated.
The current Authorized devices list isn’t really useful, since it doesn’t tell you from where the login comes from, just from what platform.
BUMP. I just got an email saying someone tried to change the email associated with my account. I fixed it, changed my password, but i have no clue how 2fa isn’t setup for ANY service at this point
I am surprised we still do not even this essential feature…
So… all the agro hating in this thread is a little ridiculous, but yeah… How has this not been implemented yet? +1
This should be a standard security measure, c’mon guys. +1
Lifetime plexpass user here from when plex first offered it. Never had a tough password, and used one that I had used on other accounts.
I just had my account taken over this past week. Some scammer named Ghazi switched the email address on my account to his. I contacted plex support, they said my account had been switch to a new email address, and I could revoke it by clicking a link in a notification email. Fortunately I clicked the link one day before it expired (you get 7 days). I almost lost my lifetime plexpass because I hadn’t seen an email.
The whole email account change process should require validation. But, more importantly, authentication should require MFA.
I hope multi-factor is added soon. The fact this thread dates back to 2015 is a little scary. I thought the Plex devs were smart enough to listen to their users. In 2019 MFA is expected to be a standard security measure.
Great idea +1
+1 - this is not only an idea, this is must in 2019!
I check in on this thread every few months … have for years. I can’t believe this still has yet to be added. Very disappointing.
Unbelievable that this is still a thing. C’mon Plex, get it together on security.
173 responses so far, and it spans back from 2015. Come on guys. At least respond back with a plan.
While I think this is an important feature and I would love better communication around the topic. I want to point out that this is not a straight forward thing to implement.
2FA isn’t something you can just slap on to a product and expect it to work. Implementing it requires significant effort on both server and client side. So I’m not surprised that it’s not the highest priority. Still, some indication that it’s on the table would be nice.
While true that it’s not exactly a walk in the park, it’s hard to take a company seriously these days if they don’t have at least something in MFA. Information and data reputation is EVERYTHING.
A must. please implement this. 
Very confused as to why this doesn’t already exist.
Dear Plex,
This thread has existed for 3.5 years now and we still don’t have the option for TOTP 2FA. It is not even all that difficult to implement from a technical standpoint, and it’s been possible since the time the post was created.
I don’t see Plex staying relative for a very long future as they continue to swing in the direction of user limitation - by choice: Not allowing synced content to Android TV devices (only to mobile devices, which you then have to cast to your Android TV device…what?!), the phasing out of channel/plug-in support on PMS, continuously pitching Tidal, and worsening the mobile app UI come to mind.
Since the discontinuation of Plex Cloud, I’d think there are more than enough resources to get this done. I know I’m just speculating, but the direction the service continues to go leaves a sour taste that’s slowly turning bitter, and it smells of poor upper management. Quite disappointing as you have in your hands the potential to be the strongest personal media platform available.
Make it a Plex Pass-only feature if you need to monetize, but IMO it should be a standard option for every account in this day.
If users are not heard they will not stay, but it feels that you’re not listening anyway.
Sounds good +1
This seriously needs to be an option already!
+1, 2FA is an extremely important feature!
