
Dustin

My feedback

3 results found

  1. 63 votes
    Dustin commented  · 

    It's been over two years since anything has progressed here. SMS and voice-based 2FA is *still* not real 2FA. I understand why these methods are allowed, I don't understand why they are the *only* MFA methods allowed.

    TOTP-based 2FA (e.g. Google Authenticator) is the minimum these days. Redtail still doesn't have it. U2F and FIDO are quickly catching on too.

    It might be a little different if Redtail had good SSO integration, but they don't have that either. You can use Redtail to log in to other things, but not the other way around. If Redtail allowed easy-to-set-up SSO you could just log in to Redtail with your Microsoft 365 account, or Google account, or whatever, and have all the protections (including MFA, conditional access, etc) and one less password to remember.

    Dustin commented  · 

    It's been over a year. Any updates?

    Dustin commented  · 

    Agreed 100%. Also, SMS-based 2FA is not actually two-factor authentication, it is two-STEP authentication.

    With SMS-based codes, if our hourly employees access Redtail they have to use a PERSONAL PHONE for work purposes.

    Redtail could at least implement TOTP-based 2FA. It is not as good as U2F/FIDO and FIDO2, but it is much better than SMS-based verification codes.

    Dustin supported this idea  · 
  2. 33 votes
    Dustin supported this idea  · 
  3. 67 votes
    Dustin supported this idea  · 
    Dustin commented  · 

    Adding to this - the NIST guidelines specifically discourage periodic password rotations entirely, advising that forced password resets should only be performed when there is evidence of an account compromise.

    From section 5.1.1.2 of NIST 800-63b:

    "Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator."

    https://pages.nist.gov/800-63-3/sp800-63b.html

    At least allow us to opt out of periodic password rotations. As others, including NIST, have said, it just makes passwords weaker.
