Should 2FA be mandatory on Make?

Cyberattacks are getting increasingly sophisticated and more frequent nowadays, which makes me wonder what the ramifications would be if someone managed to get access to a Make admin account.

Right now, all that seems to stand in the way is an email and a password, and while the IT-savvy minded people here might create secure passwords, and enact 2FA, we no doubt have users/clients with Admin/Owner rights who may not create secure passwords or enact 2FA.

Most accounting software now requires mandatory 2FA, as does other software that holds crucial data.

The worrisome thing here is that if Make is connected to all this software, a bad player who gained access to a Make account would, in a way, be bypassing all the 2FA requirements of each of those software products and could wreak an unimaginable amount of havoc.

So the question begs to be asked: should Make be enacting 2FA as a mandatory feature? SSO is good, but not everyone uses it, especially in smaller business settings.

It’d be nice to see Make also be proactive about user authentication, and enact all the latest developments around it.

What do you think? Keen to hear the community’s thoughts on this.

It would be a good step to enable organization owners to enable 2FA as mandatory for all users of an account. But I wouldn’t go so far as to force it on all accounts. Make it an option but also find the ability to set up 2FA as a mandatory policy.

Totally agree on the need for an organization 2FA setting.
Currently users are able to do their own settings, but most of them do not configure 2FA. We are opening up such scenarios that can take the whole organization down… It’s crazy that such a feature is still missing.

I think anyone that can edit or run a scenario should have 2FA forced upon them. I agree, users who don’t have that level of access shouldn’t be forced with 2FA.