cancel
Showing results for 
Search instead for 
Did you mean: 
velocipederider
Pico de Orizaba
Status: Open To Voting

Since there is a lot of potentially sensitive data on Strava it would be nice if you provided some 2FA login methods, such TOTP and Webauthn

30 Comments
BerettaVexee
Shkhara

FIDO/U2F support will be nice.

AlbertDenmark
Mt. Kenya

As an ethical hacker, I find it quite shocking, a huge platform like Strava does not have MFA (Multi Factor Authentication).

As for those who find MFA/2FA a pain in the butt: remember, if it (IT) is simple for you, it is yet more simple for a (black hat) hacker.

Therefore, I do not only vote for OPTIONAL 2FA but for MANDATORY MFA.

Yours sincerity,

Albert Denmark, CEH

BikusLikus
Mt. Kenya

Yes, please!  And offer the better MFA options like others have mentioned, not just SMS or email.

H_H
Mt. Kenya

I say like the previous messages, please implement double authentication with FIDO and or OTP but not by sms or email. It's not very complicated to implement the FIDO webauth web api. Thank you.

Megido
Pico de Orizaba

The security of personal information is more critical than ever in the age of GDPR and CCPA regulations.

Strava, a platform containing a lot of personal and sensitive data, should offer its users the option of Two-Factor Authentication (2FA). By implementing 2FA, Strava can provide an extra layer of security to ensure that user data is not compromised. It's a necessary step towards safeguarding the privacy of its community and should be considered a top priority.

ptas
Mt. Kenya

2FA/MFA should NOT be a discussion point, but an included feature, since this site contains an awful lot of sensitive personal data which you do not want to fall into the hands of hackers!
Furthermore Strava should actively encourage their users to activate this feature in their profile.

bozho_dimitrov
Mt. Kenya

Another alternative to FIDO/OTP is Passkeys

Although most users can sign in with Google or other identity providers directly. It will be a good idea to at least adopt the passkeys as a method of logging in, because all existing users which signed up with their emails are not getting the benefits of more advanced authentication methods right now.

Please consider such logging option at least 🙂

AlbertDenmark
Mt. Kenya

As per today, I deleted all my training information. I am intended to delete my Strava account, since Strava is not willing to take IT Security seriously.
I encourage anyone to delete their Strava account.

sangi_
Mt. Kenya

This should be out of the box for such a service to be honnest...

menbren
Mt. Kenya

Thumbs up to this suggestion!

Dendi
Mt. Kenya

I'm not sure why Strava doesn't have mfa yet. It has access to PHI and location data. 
This is a huge security incident that is waiting to happen. 

 

 

AlbertDenmark
Mt. Kenya

Exactly, Dendi!

In 2024 it is not only very stupid of Strava, but also highly irresponsible not having 2FA.
The only reason why I still have my account, is to be able to comment on this thread - but I do not use Strava anymore! I removed as much as possible of my data.

The people behind Strava should be very, very shaming themselves.

Yours sincerily,

AlbertDenmark
Ethical hacker

LoveToBike
Mt. Kenya

Please please please support Passkeys. In today’s world passwords are compromised left and right. With the mountain of information here we need security!

danw
Pico de Orizaba

Strava hosts a lot of personal data about user's locations and movements. Having 2FA as an option to enhance users security makes sense to me.

mwrinch
Mt. Kenya

It's hard to believe that Strava can't get 2FA in its system, given all the cyber security issues and hacking that goes on globally. They need to be part of the broader community and secure the accounts. Hacking is sophisticated and they can use accounts to collect bits of information about a target. its more than just getting an account hacked but that would also be annoying.