Add an option to enable MFA using TOTP on FamilySearch accounts.
I wish the FamilySearch devs would add the option to enable Multi-Factor Authentication (MFA) on FamilySearch accounts using a time-based one-time passcode (TOTP) generator (e.g. Google Authenticator or YubiKey Authenticator).
MFA using TOTP would be a welcome feature that would virtually eliminate the risk of having your FamilySearch account hacked or stolen. Even if someone was able to guess your userid and password, they wouldn't be able to log in to your account without your physical authenticator.
I don't think MFA should be forced on FamilySearch account holders. But having the option would be very useful.
Comments
I stand by my opinion that MFA is evil incarnate, but that aside, why on Earth would anyone actually want that level of hassleification on FamilySearch of all places?
What are the chances of anyone wanting to hack someone's FS account? Besides approximately negative zero? What would anyone want to do with a stranger's account? What would he/she be looking to find? Bank account numbers for dead people?
2 -
Are you using a Member account or a Public account on FamilySearch?
If you have a Member account have you turned on two-factor authentication on your Church account? If so, you could give your FamilySearch Member account a unique, very complex password and never actually use it and just use your two-factor enabled Church account to sign into FamilySearch. (https://www.familysearch.org/en/help/helpcenter/article/sign-in-to-familysearch-with-my-church-account)
On Church accounts they offer Okta Verify, OTP Fob, Biometric, or Text Message as ways to set up two-factor authentication.
0 -
As long as it's an option and you don't have to use it, why do you care? Just because you don't find it helpful doesn't mean others won't. "Why would anyone want something I don't!". Don't like it? Don't enable it. Some of us like to secure the things that are important to us.
0 -
I am not a Member and so was unaware that MFA was already available to Members. That the Church has made FamilySearch available to all is wonderful. Here's hoping they allow MFA for all users.
Complex password or not, if someone hacks a system and absconds with userids and associated passwords (complex or not), they'd be useless if MFA with TOTP was enabled.
0 -
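As an added worked example (not code from the original post, from FamilySearch, or from any commenter), here is the mechanism the request and the comment above about leaked userid/password dumps both describe: a TOTP verifier per RFC 6238 wired into a login check that needs the password and a fresh code. The account class, the `login` function and the leaked-credential scenario in `demo` are hypothetical; the fixed key is the reference key from RFC 4226/6238 so the RFCs' published test vectors can be checked, and the demo uses a constructed password and timestamp.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

# Constructed secret: the reference key from RFC 4226 / RFC 6238 (ASCII
# "12345678901234567890"), used only so the RFCs' test vectors can be verified.
# A real enrolment generates a random key (see new_totp_secret below).
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: dynamic-truncate HMAC-SHA1(secret, counter) to decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of `step`-second periods elapsed."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, last_step: Optional[int],
                step: int = 30, digits: int = 6, window: int = 1) -> Optional[int]:
    """Return the accepted time-step, or None.

    Accepts codes from +/- `window` steps to tolerate clock skew between the phone and
    the server, compares in constant time, and refuses any step at or before
    `last_step` so that a code captured from the user (e.g. by a phishing page)
    works at most once.
    """
    current = unix_time // step
    for delta in range(-window, window + 1):
        candidate = current + delta
        if last_step is not None and candidate <= last_step:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


def new_totp_secret() -> bytes:
    """Generate a 160-bit random key (the length RFC 4226 recommends)."""
    return os.urandom(20)


class Account:
    """Hypothetical account record: salted PBKDF2 password hash plus optional TOTP secret."""

    def __init__(self, password: str, totp_secret: Optional[bytes] = None):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password, self.salt)
        self.totp_secret = totp_secret
        self.last_step: Optional[int] = None   # highest TOTP step already accepted

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self._hash(password, self.salt), self.pw_hash)


def login(account: Account, password: str, code: Optional[str], unix_time: int) -> bool:
    """The password is always required; if TOTP is enrolled, a fresh valid code is too."""
    if not account.check_password(password):
        return False
    if account.totp_secret is None:
        return True            # MFA not enabled: password alone suffices
    if code is None:
        return False
    step = verify_totp(account.totp_secret, code, unix_time, account.last_step)
    if step is None:
        return False
    account.last_step = step   # burn this code; presenting it again is rejected
    return True


def demo() -> dict:
    """Constructed scenario: an attacker holds the victim's password from a leaked
    credential dump but not the authenticator secret; then the real user logs in,
    and the same code is replayed 10 s later."""
    secret = new_totp_secret()
    pw = "correct horse battery staple"          # constructed password
    acct = Account(pw, totp_secret=secret)
    now = 1_700_000_000                           # constructed timestamp
    return {
        "stolen_password_only": login(acct, pw, None, now),
        "stolen_password_guessed_code": login(acct, pw, "123456", now),
        "password_and_authenticator": login(acct, pw, totp(secret, now), now),
        "replayed_code": login(acct, pw, totp(secret, now), now + 10),
    }
```

Two design points worth noting: the +/-1 step window is what keeps a slightly drifted phone clock from locking people out, and recording the last accepted step is what stops a code that was just used from being accepted again within the same 30-second period.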
"why do you care?"
- If FS go ahead and program this, then that's time taken away from correcting basic facilities in FamilySearch FamilyTree that don't work - like an inability to distinguish marriage banns and licences from the actual wedding in the wrong place.
- If FS go ahead and program this - what are the risks of it failing catastrophically? (Maybe minimal if they've already got it for Church Accounts, but we need to ask the question)
- What are the dangers of someone switching it on without understanding it and getting locked out of their account? Who fixes that? And if they can, what was the use of the MFA in the first place?
- What exactly do you wish to protect and why is it in FamilySearch in the first place? No, that is an important question because FS needs to establish a cost-benefit analysis for the request.
0 -
I don't understand the hate for an enhancement request that keeps the website in line with current security advancements. I've been writing software for over 30 years. All work is prioritized by the owners. Depending upon the severity, fixes normally have a higher priority than enhancements. Asking for enhancements does not jeopardize work on fixes. Enhancements help the product move forward to keep up with the times (e.g. the latest UI rewrite).
Why do I want MFA? I find the FS website immensely rewarding and love to share the data I've gathered with other family members. I've talked many of my friends into using the website and have helped them find information about their family they were entirely unaware of. I've put a lot of time into researching and keeping my tree up to date in FS. I don't want someone masquerading as me and ruining my hard work, no matter what website it is. If FS gets hacked and login credentials get compromised, there's nothing stopping nefarious individuals posting as me. Is that important? It is to me.
'Nuff said. It was an honest enhancement request. Nothing more.
0 -
"I've put a lot of time into researching and keeping my tree up to date in FS. I don't want someone masquerading as me and ruining my hard work, no matter what website it is"
Commendable - but is "your" tree part of FamilySearch FamilyTree? If so, you do realise that anyone can alter the data (about deceased people) that you have entered into FS FamilyTree? They don't need to pretend to be you - it's an open-edit tree.
0 -
Yes, I know. But they can't make the changes *as me*.
0 -
"Yes, I know. But they can't make the changes *as me*"
OK - I'm unclear how that does or doesn't help but I'll leave that to you and your work processes.
0 -
I hope you never have to experience being a member of a valuable website that suffers a breach of their login credentials and someone hijacks your account.
0 -
Valuable website?! For non-Mormons it's a hobby in almost all instances. It's a hobby which has no payment or subscription information associated with it on an essentially open-edit website. As Julia said why would someone want to hack it? There's nothing valuable to get hold of through hacking it. The highest likelihood of someone hacking it is a script kiddie for the lolz. In other words a person with nihilistic tendencies. Someone like that is hardly likely to alter everything in the section of FSFT containing those nearest to you. They're far more likely to simply want to destroy the site.
For Mormons it's entirely different of course, but as has been pointed out further up the thread they already have the option of using an account with MFA of some kind available.
As for "the hate for an enhancement request"? Hardly. If you think the response you've received is "hate" then you have a very odd idea of what "hate" is. Detailed counter-arguments have been made to your proposal. Solid questions and objections have been raised and backed by reasoned arguments.
The problems with MFA causing enormous headaches for volunteers in the centres would be very real. There are legions of examples of users posting to this very forum talking about forgotten passwords, misplaced usernames and getting locked out of accounts. That would be many, many times worse if MFA were introduced into the mix. MFA would indeed help security of logins, vastly more so than the security theatre of the inactivity timeout and 2 week situation they have at the moment. However the extra work it would create would vastly outweigh its usefulness.
I can cope with it perfectly well. I am used to MFA for multiple systems and indeed I administer Windows logon MFA for the charity I work for. Just this morning I had to reset the MFA details of one of our volunteers. That volunteer is in exactly the kind of age and technology ability demographic which typifies genealogy. In other words older in years and hardly brilliant with computers. Precisely the sort of user who would likely cause mayhem for centre volunteers through very high rates of losing access to accounts through MFA being in play.
A Familysearch login is a login to a low-value site in terms of information available to hackers which can be edited by anyone with an account anyway. The loss of convenience MFA would represent is not commensurate with the security benefits it would provide.
1