Mandatory 2FA Option
complete
Chris Bisnett
complete
This is now generally available. If you would like to opt-in to this functionality now you can enable this feature through the Account settings page.
We will be enabling this feature for all Huntress accounts in the next few months. We feel that two-factor authentication is an important security feature and like many other security companies we believe it is absolutely necessary for users interacting with Huntress.
Chris Bisnett
complete
This is now generally available. If you would like to opt-in to this functionality now you can enable this feature through the Account settings page.
We will be enabling this feature for all Huntress accounts in the next few months. We feel that two-factor authentication is an important security feature and like many other security companies we believe it is absolutely necessary for users interacting with Huntress.
A
Andy Larin
Chris Bisnett: Awesome thanks Chris!!! I just turned it on!
Chris Bisnett
in progress
The development for this feature is nearly complete. We're testing it internally and everything it working well. Very soon we will be opening up this feature on an opt-in basis, so that Huntress account administrators can enable this feature and require all of their users to have some form of 2FA enabled.
One thing I want to clarify is that this first iteration will allow account administrators to require at least one form of two factor, but won't allow administrators to dictate which form of two-factor authentication their users may use. This means that if a user has TOTP (Authenticator style time-based codes) and Duo setup, administrators can require that they use 2FA, but cannot specify that they use Duo. We're going to evaluate this type of functionality for future releases.
Huntress is moving closing to being a complete security platform and with that comes the ability to configure and manage security features. To ensure the most protection we will be requiring all users to have 2FA enabled within the next few months.
As always, if you have any questions, please let us know.
A
Andy Larin
Chris Bisnett: Excellent thanks!!
A
Andy Larin
Absolutely needed! Thanks.
O
Oliva Mayer
Not sure if it's already planned. But support for FIDO U2F Security Key would be awesome as well.
M
Maegan Harvey
Mandatory 2FA is critical for security serious orgs. Thanks for prioritizing this and moving it towards reality. The sooner the better.
S
Stormy VonRueden
2FA is important. Must be implemented.
R
Rhona Bergstrom
This is becoming more and more important, so I'm hopeful it will move from roadmap to feature soon. thanks
L
Lowell Sauer
Will other platforms beyond Google Authenticator be available once mandatory 2FA is implemented?
C
Cameron Granger
Lowell Sauer: Any OTOP is supported and we currently also support DUO authentication. We do also have plans of adding SAML support.
L
Lowell Sauer
Cameron Granger: Thanks for letting me know.
Chris Bisnett
planned
Enforcing 2FA is something that's been on our roadmap for quite a while. We've been putting it off since there are a lot of workflows that need to be changed as part of this work (new users need to setup 2FA immediately, existing users need to setup 2FA before they can continue, etc.) and we wanted to make sure we understood where users were getting stuck with 2FA.
The priority for this is higher now that we're incorporating Managed Antivirus and users with the necessary permissions could disable antivirus on the endpoints. We want to ensure that this only happens by authorized users.
Thanks everyone who upvoted this feature - that really helps us understand what you all feel is important. We'll keep you updated on the progress of this as we work through it.