Authorize.net portal 2 factor authentication

Status: Under Review
by Christophe on ‎04-30-2015 07:47 AM

Despite using best security practices to protect passwords, we consider the single form authentication to the Authorize.net portal to be a critical security concern.

 

The concern is especially high with regard to CIM. When CIM is enabled, anybody breaking into the Authorize.net account can do a lot of damage (like creating transactions).

 

We are in 2015 and two form factor authentication is widespread and easy to implement. It does not have to be a full blown 2-factor with MFA devices. A simple solution - for example using a mobile phone access code - would already be a huge improvement over the current system.

 

 

Comments
by Christophe
on ‎04-30-2015 03:25 PM
Another motivation is to protect our clients' data (name, address, last 4 digits of CC) which is accessible in CIM. We owe our clients to do the best in protecting this data, and currently this data, for hundreds of clients, is only protected by a single password...
by Administrator Administrator
on ‎08-13-2015 03:31 PM
Status changed to: Under Review
 
by merpro
‎12-02-2015 10:21 AM - edited ‎12-02-2015 10:21 AM

I second and third this. It is embarrassing that banks, credit cards, email accounts and even my kids' school have 2 factor authentication and a payment gateway processing millions of dollars does not.

 

After implementing 2FA, please revisit whether forcing users to change their password every 90 days is truly adding security. It was a nice concept but the reality is that most customers are writing down the new password because they can't remember the changes so often.

by pat1498
on ‎10-20-2016 09:07 AM

Not only is this embarrassing, but it's a requirement for PCI compliance by Jan. 2018. When will this be implemented?