velocipederider
Pico de Orizaba
Status: Gathering Kudos

Since there is a lot of potentially sensitive data on Strava, it would be nice if you provided some 2FA login methods, such as TOTP and WebAuthn.

28 Comments
BerettaVexee
Shkhara

FIDO/U2F support will be nice.

AlbertDenmark
Mt. Kenya

As an ethical hacker, I find it quite shocking that a huge platform like Strava does not have MFA (Multi-Factor Authentication).

As for those who find MFA/2FA a pain in the butt: remember, if it (IT) is simple for you, it is even simpler for a (black hat) hacker.

Therefore, I do not only vote for OPTIONAL 2FA but for MANDATORY MFA.

Yours sincerely,

Albert Denmark, CEH

BikusLikus
Mt. Kenya

Yes, please!  And offer the better MFA options like others have mentioned, not just SMS or email.

H_H
Mt. Kenya

I say, like the previous messages: please implement double authentication with FIDO and/or OTP, but not by SMS or email. It's not very complicated to implement the FIDO WebAuthn web API. Thank you.

Megido
Pico de Orizaba

The security of personal information is more critical than ever in the age of GDPR and CCPA regulations.

Strava, a platform containing a lot of personal and sensitive data, should offer its users the option of Two-Factor Authentication (2FA). By implementing 2FA, Strava can provide an extra layer of security to ensure that user data is not compromised. It's a necessary step towards safeguarding the privacy of its community and should be considered a top priority.

ptas
Mt. Kenya

2FA/MFA should NOT be a discussion point, but an included feature, since this site contains an awful lot of sensitive personal data which you do not want to fall into the hands of hackers!
Furthermore Strava should actively encourage their users to activate this feature in their profile.

bozho_dimitrov
Mt. Kenya

Another alternative to FIDO/OTP is passkeys.

Although most users can sign in with Google or other identity providers directly, it will be a good idea to at least adopt passkeys as a method of logging in, because all existing users who signed up with their emails are not getting the benefits of more advanced authentication methods right now.

Please consider such a login option at least 🙂

AlbertDenmark
Mt. Kenya

As of today, I have deleted all my training information. I intend to delete my Strava account, since Strava is not willing to take IT security seriously.
I encourage anyone to delete their Strava account.

sangi_
Mt. Kenya

This should be out of the box for such a service, to be honest...

menbren
Mt. Kenya

Thumbs up to this suggestion!

Dendi
Mt. Kenya

I'm not sure why Strava doesn't have MFA yet. It has access to PHI and location data.
This is a huge security incident that is waiting to happen.

AlbertDenmark
Mt. Kenya

Exactly, Dendi!

In 2024 it is not only very stupid of Strava, but also highly irresponsible, not to have 2FA.
The only reason why I still have my account is to be able to comment on this thread - but I do not use Strava anymore! I removed as much as possible of my data.

The people behind Strava should be very, very ashamed of themselves.

Yours sincerely,

AlbertDenmark
Ethical hacker

LoveToBike
Mt. Kenya

Please please please support Passkeys. In today’s world passwords are compromised left and right. With the mountain of information here we need security!