
Date/Time: Tue, 15 Apr 2025 14:16:13 +0000



Plans for Multi-Factor Authentication?

View Count: 599

[2024-12-03 04:22:01]
User925540 - Posts: 62
Hoping that 2/Multi factor authentication is on the roadmap. All the clearing firms and brokers supported by Sierra Chart use that for authentication, tough to think that folks would be logging in to their brokerage accounts (or at least accessing the same data of those accounts) with just a username and a password through Sierra Chart.

Hopefully something you'd consider adding in 2025.

Thanks.
[2024-12-03 14:42:59]
Sierra_Chart Engineering - Posts: 19226
No, no plans for this. Our recommendation is to use a very secure password and change it from time to time.

Fundamentally we do not agree with using another device. There are various other methods by which logins can be made more secure. We will look at those.
Sierra Chart Support - Engineering Level

Your definitive source for support. Other responses are from users. Try to keep your questions brief and to the point. Be aware of support policy:
https://www.sierrachart.com/index.php?l=PostingInformation.php#GeneralInformation

For the most reliable, advanced, and zero cost futures order routing, use the Teton service:
Sierra Chart Teton Futures Order Routing
[2024-12-03 22:42:13]
User925540 - Posts: 62
Not sure what you meant by another device, but you could just add an option for users to opt for 2FA and send a verification code to the email address registered with the account. That would be a decent start, and I don't think that would require a lot of effort, SierraChart already sends automated emails related to account/billing.

That way, at least if SC password got compromised it won't be a single point of failure that could lead to catastrophic outcomes.
I'm sure SierraChart has large customers with massive accounts using Teton, I'm surprised that they haven't raised that request/concern before.

Just a suggestion, it would protect both the customers and SierraChart.

Thank you.
[2024-12-09 18:59:36]
Sierra_Chart Engineering - Posts: 19226
Yes but email delivery is not always reliable. That is the problem. We certainly would never force a requirement like this. Perhaps it could be made optional. Although there is a lot of development involved in that. And it makes logins unreliable if something fails among the components required since there are external systems required.

Another alternative could be public/private key authentication.
Date Time Of Last Edit: 2024-12-09 19:00:27
[2024-12-12 00:05:11]
User925540 - Posts: 62
Agree, email/SMS/app notifications for authentication are not 100% reliable, that's why most 2fa authentications have the "resend email/notification option".
I agree also that you don't have to enforce it, it should be there, it should be recommended, but if the user doesn't use it, that's on him/her (same as the idea of order confirmation, right? it's for the safety of the user/account, if you don't use it, that's on the user kinda thing).

Not sure about public/private keys, that would mean you'd restrict access to the application to specific PCs/laptops/terminals/server? I personally wouldn't be a fan of that, I'd like to be able to access the account from anywhere, but just be sure that at least 2 authentication methods are used.

Step 2, maybe an email notification when you access SC (desktop or web) from a different region/country than what's registered on your account. But that's an enhancement and not as important.

Just bouncing ideas that might inspire the development, thanks for listening :)
Looking forward to seeing the improvements you decide to bring in 2025.
[2024-12-12 00:34:27]
User61168 - Posts: 433
+ 1 for giving users the option to opt in/out.

+ Authenticator mobile app with faceID for convenience.
[2025-02-28 07:25:04]
User01337 - Posts: 37
Yes we definitely need an optional SMS or email 2FA or just regular 2FA where you use apps like Authy.

For me public/private key auth is also fine but I would have to keep it on a USB stick or something while travelling. Also most people don't know how to use that method.
[2025-03-31 10:38:15]
User408639 - Posts: 71
Moin Moin.
Agreed.: With all of the above.: MFA is mandatory in most countries for banking but Email/SMS/...-stuff is insecure.

As with all "https://en.wikipedia.org/wiki/Trusted_Platform_Module"-based authentications the basic idea is, that the TPM-chips are built in a way to be burned up by the x-rays produced by electron-microscopes trying to read out their keys.: It is like in Mission Impossible.: https://spymovienavigator.com/filmclip_type/this-message-will-self-destruct .

So, one can use Microsoft/Google-Authenticator, which will not be giving out the keys, but just a signature signed with the key.
Both of them are available for all Apple/Android-smartphones.
Attached You can find a short overview assembled by ChatGPT showing how to implement this.
If You have Your own Windows-Azure-Tenant at https://login.microsoftonline.com (i.e., Work- and School-accounts) You can even use Entra-ID B2C for it, implementing it with JSON-based Workflows with almost no code (e.g., "https://aka.ms/aadb2c", "https://www.youtube.com/watch?v=h5bxhZRF4mI").

_Cheers,
__Michael.
P.S.: As I cannot attach files to this chat, You can find it now at https://soliman.de/Sierra-Chart-MFA.docx
P².S.: Please consider the above read-only--posts to have been liked.
Date Time Of Last Edit: 2025-03-31 10:43:13
