HubSpot Ideas

VCL001

2FA: Turn off 'Remember me' option for 2FA challenge

Admins should be able to define which users can or cannot  leverage the 'Remember Me' offer after using 2FA. Additionally, that setting should stick. Even though I chose 'ask me each time', it asks me that question everytime. Additionally, we would prefer that all remote workers use 2FA everytime i.e. never are offered the Remember Me option.

 

If an employee ends up clicking remember me when the company hasn't authorized that and a data breach occurs, HubSpot will end up taking liability for this, especially in the EU, irrespective of the indemnity clause you may have gotten customers to sign, since this is a material defect in your security.

 

Please fix this ASAP.

 

Thanks!

0 Upvotes