Asana Security Two Factor Authentication

WE NEED 2FA IMMEDIATELY W/GOOGLE AUTHENTICATOR AND DELETE PROTECTION WITH A CENTRAL DELETION REPOSITORY!!!

Definitely need 2FA, this is basic stuff.

WE NEED 2FA IMMEDIATELY W/GOOGLE AUTHENTICATOR

I cannot believe that I come here to find out about Asana’s MFA support only to see the company ignoring hundreds of customers for almost 3 YEARS! Lack of MFA is the sole reason my team will be letting our free trial end rather than pay for Business licenses. Terrible support of a basic use case in 2020.

2FA has still not been implemented? I’m a new customer trialing your software. I will not be using this if you can offer basic account protection.

I created another thread requesting information on this 2FA problem and a moderator closed the topic linking to this thread where no moderator has ever responded or offered any insight into why this feature isn’t available. YEARS LATER… Still no 2FA, are you serious? I’ll probably be going to Monday just because of this by the way.

Hi @Mike_Solomon and thanks for sharing your feedback with us.

As it stands, we offer Google SSO and SAML logging. You can learn about thee two methods here: https://asana.com/guide/help/premium/authentication#gl-sso. While we haven’t planned to implement 2FA just yet, this is definitely something we will continue to evaluate for future updates. I’ll make sure to keep you posted here as soon as I have an update on this topic.

That would be great but for some reason security is only paramount for your Premium and Enterprise users.

@Marie with respect, I’m sure @Mike_Solomon is aware of the limited options available in Asana (google and SAML). It is absolutely ridiculous that Asana still doesn’t offer 2FA. It’s a fundamental feature of any modern platform and a security catch all for those that don’t use or have an identity provider. For such a great platform, this is a completely bizarre omission.

1 Like

Just getting to grips with Asana, my first thought was, right, I need to know my data is safe here so where is the 2FA? Can’t believe it’s not an option, makes me very wary to put so much data here.

1 Like

Thank you for this thread. I am looking for a “to do program” with an eye towards some project management features for personal use. Number 1 on the list of features is 2FA. This thread has saved me the time and effort of looking at Asana, which is a pity since it has been reviewed so favorably. Just like you would not have a user account without a password, any cloud service MUST implement secure 2FA with something like Google/Microsoft Authenticator.

A customer uses Asana and recommended it. Came to find out more about it but could not determine how to set up two factor, and then I found this thread. I found it quite surprising that here we are in 2020, where even my local county government has two factor to pay my water bill, that an entity selling a web-based service / SaaS app, vying for enterprise business, considers their customers’ security an up-charge item. It’s fairly mind boggling.

2 Likes

I LOVE ASANA, and I use it all the time, every day. BUT I have been very frustrated that ASANA does not secure its login authentication with 2FA/MFA like Google Authenticator, DUO or even SMS (which is better than nothing). I wish everyone would please support this as an immediate feature request. I pay a lot of money and I cant believe you cant secure my identity with 2FA/MA. I have politely submitted 2 support/feature requests in the past half year. and Nothing seems to be done about it.

I would support an optional Account 2-Factor Authentication as projects can hold commercially sensitive information.

Hi @Dimitrios_Hilton, welcome to the forum and thanks for taking the time to share your feedback with us!

We have an existing thread related to this topic. I’ve gone ahead and merged your thread with Asana Security Two Factor Authentication to centralize votes!

+1. Asana team should add 2FA asap. It’s 2020 and all major platform have 2FA authentication.

A company not placing importance security for all of its users, or worse, only prioritizing paying users does carry a bad smell. The only worse thing would be asking users to pay for a secured https connection to the platform. We’ve been using the free version for years, then upgraded to premium a year or two ago. We’ve been very happy with it despite the lack of MFA. However our parent company is beginning to review use of external SaaS apps and requiring MFA on all. So, we’ve got a ticking time clock on our end before this might be turned off not of our own choosing. Come on, this seems silly guys @Asana. … And no, we don’t use GSuite, we use O365 like many other lovely corporations. Requiring an upgrade to the invisible sticker price of “Enterprise” to use SAML with Azure AD also smells poorly guys. Come on, this seems silly guys @Asana.

1 Like

Giving it a push again and trying it from a different angle even though 2FA should really be standard, standard.

Team Asana, please think about some bad publicity when a major Asana customer has a data breach due to missing 2FA. This will not be good for the planned IPO.

I guess Asana would like to be the next Sendgrid… https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/

Absolutely agree here. I cannot believe this forum has been going on since 2017 and Asana has yet to add it universally for all levels. Forcing an increase to $49.99 per person which is more than double to price of what people are paying to allow for this is an absolutely unacceptable response. In this day and age of cyber attacks and hackers, not having 2 factor is a dangerous proposition. I strongly recommend you allow Office 365 syncing like you do Google, so then you dont have to worry about it and you allow it at all levels of Asana. If a client’s information is hacked on your site, it will be too late.