Advice Request Why is there no 2FA on Bitdefender Central?

[Darlene]

I wonder why there is no 2FA (mobile authentication or hardware tokes) or other extra security measures build into Bitdefender Central.

With extra security measures I mean:

- A log section for every login attempt (information about location/IP, browser type and version, ...)
- Notifications for suspicious login activities
- Some sort of lock-down mode

If your password get compromised (simply a keylogger), the person could wipe all data remotely form all the devices associated with the bitdefender account trough the anti-theft feature.

 

[FrankS]

But no keylogger has a chance because you're using BitDefender!
Okay, serious now: Kaspersky and Emsisoft does it on the same way: simple login with e-mail adress and password. I will contact Emsisoft and Kaspersky for improving the login.

edit: a two-step-verification would be a nice one. enter your e-mail + password at login section and after clicking on "Login" you need to click on two of five or six numbers of your security-key generated in bd central. Like this one, shown on the screen below.

 

[SHvFl]

Yeah i noticed that also but someone here advised me to use a gmail,outlook or Facebook account for Bitdefender so i can have 2 step authentication. You might want to do that.

 

[_CyberGhosT_]

Kind of ironic isn't it linking crap like FB to access a Cadillac like Bitdefender
makes me scratch my head.

 

[Ink]

Yeah i noticed that also but someone here advised me to use a gmail,outlook or Facebook account for Bitdefender so i can have 2 step authentication. You might want to do that.

You can find out more about OAuth and the possible risks that come with Social Logins.

OAuth: http://lifehacker.com/5918086/under...g-into-a-site-with-google-twitter-or-facebook
Possible Risks: https://blog.dashlane.com/5-reasons-wary-social-logins/

 

[CMLew]

I wonder why there is no 2FA (mobile authentication or hardware tokes) or other extra security measures build into Bitdefender Central.

With extra security measures I mean:

- A log section for every login attempt (information about location/IP, browser type and version, ...)
- Notifications for suspicious login activities
- Some sort of lock-down mode

If your password get compromised (simply a keylogger), the person could wipe all data remotely form all the devices associated with the bitdefender account trough the anti-theft feature.

Well, if you installed BD and you login into BD Central and some form of malware compromise your PW, that simply shows no-confidence vote to BD software. If thats the case then why should we even buy BD when BD can't even protect you .

 

[Cohen]

I don't use BitDefender (anymore), but having an option to enable 2FA should be on every site possible.
Two layers of security is better than one, especially if it's as simple as putting in a 6-digit code every now and again when you login.

 

[Axelrod Sven]

Yeah i noticed that also but someone here advised me to use a gmail,outlook or Facebook account for Bitdefender so i can have 2 step authentication. You might want to do that.

It was me.

On a further note... I think its because that these companies themselves may believe there's no need for two-Factor Authentication. If there's a Password Manager (as is the case in Kaspersky and BitDefender), having a long-enough password would help. If for whatever reasons you don't have the Password Manager it's your loss...supposedly. And they are that confident that their systems won't be compromised. Maybe it's an open invitation for hackers to attempt to access the Password Database, and the Security Researchers understand what the hackers do, and how they do it.

Or it's just something that's too technical, costly and complicated for these companies to incorporate at the present time. Similar to why Banks don't? Maybe there's some technical problems at their end that prevent it?

Every website that has a login, must put reasonable effort for having 2Factor Authentication. I'm glad @MalwareTips does... I hope Two Factor Authentication becomes a standard procedure in the near future.

 

[Darlene]

The only official bitdefender response on this question is: twitter

In my opinion it does not make sense, if 2FA is optional, why would it slowdown the user experience?

The 2FA discussion is on the bitdefender forum for quite a while, but no response so far.

@FrankS Let me know what the response form emsisoft and kaspersky was

 

[FrankS]

Emsisoft will not add 2FA. If my serial number is stolen, Emsisoft generates a new one for me and will delete the stolen one.
I contacted the Kaspersky-Support before two minutes.

 

[FrankS]

Kaspersky responded with the standard procedure: The Kaspersky customer service has forwarded that improvement to Russia.

 

[orphyone]

Every website that has a login, must put reasonable effort for having 2Factor Authentication. I'm glad @MalwareTips does... I hope Two Factor Authentication becomes a standard procedure in the near future.

I know this old post but for Payment Card Industry (PCI) DSS 3.2 requires MFA now, I believe they are getting around this requirement by using Avantgate for Payment processing perhaps? Regardless, it's 2018 (greeting from the future!) and still nothing.