Pico de Orizaba
Status: Gathering Kudos

Since there is a lot of potentially sensitive data on Strava, it would be nice if you provided some 2FA login methods, such as TOTP and WebAuthn.


FIDO/U2F support will be nice.

Mt. Kenya

As an ethical hacker, I find it quite shocking that a huge platform like Strava does not have MFA (Multi-Factor Authentication).

As for those who find MFA/2FA a pain in the butt: remember, if it (IT) is simple for you, it is yet more simple for a (black hat) hacker.

Therefore, I do not only vote for OPTIONAL 2FA but for MANDATORY MFA.

Yours sincerely,

Albert Denmark, CEH

Mt. Kenya

Yes, please! And offer the better MFA options like others have mentioned, not just SMS or email.

Mt. Kenya

Like the previous messages, I say: please implement two-factor authentication with FIDO and/or OTP, but not by SMS or email. It's not very complicated to implement the FIDO WebAuthn web API. Thank you.

Pico de Orizaba

The security of personal information is more critical than ever in the age of GDPR and CCPA regulations.

Strava, a platform containing a lot of personal and sensitive data, should offer its users the option of Two-Factor Authentication (2FA). By implementing 2FA, Strava can provide an extra layer of security to ensure that user data is not compromised. It's a necessary step towards safeguarding the privacy of its community and should be considered a top priority.

Mt. Kenya

2FA/MFA should NOT be a discussion point, but an included feature, since this site contains an awful lot of sensitive personal data which you do not want to fall into the hands of hackers!
Furthermore Strava should actively encourage their users to activate this feature in their profile.

Mt. Kenya

Another alternative to FIDO/OTP is Passkeys.

Although most users can sign in with Google or other identity providers directly, it will be a good idea to at least adopt passkeys as a method of logging in, because all existing users who signed up with their emails are not getting the benefits of more advanced authentication methods right now.

Please consider such a login option at least 🙂

Mt. Kenya

As of today, I have deleted all my training information. I intend to delete my Strava account, since Strava is not willing to take IT Security seriously.
I encourage anyone to delete their Strava account.

Mt. Kenya

This should be out of the box for such a service, to be honest...

Mt. Kenya

Thumbs up to this suggestion!