MFA for Nabucasa cloud

Hi,

not a feature request for HA but for Nabucasa Cloud account administration.

Nowadays there shouldn’t exist publicly accessible services only secured by username/password but with MFA. Still, our Nabucase Cloud account admininistration is lacking MFA. Even thought I have access to:

  • Remote UI (yeah, I secured that one with MFA)
  • Subscription and payment
  • Delete my account
  • Changing password
  • Changing email preferences

Too much for not being secured with MFA.

Don’t forget to vote for your own request.

I’ve had it a couple of times where I had to login to nabu casa and remember thinking I am missing some 2fa layer. Definitely voting up!

1 Like

How is this not a thing yet…should be number 1 on the list for security. Please give any updates.

1 Like

Please, please, DO implement MFA. It scares me every time I login to this thing and am not asked for a 2FA authentication. Literally anyone in the world could login to my system, if they’re able to get hold of my password.

1 Like

I was surprised there was not even TOTP as a possible option for 2FA. Please do implement this as soon as possible; I feel rather insecure using this service otherwise :frowning:

1 Like

It is totally unacceptable that my complete HA environment is open to the world behind a username and password only.

1 Like

This is exactly the reason why I now canceled my subscription (Even though I really would like to support Home Assistant).
I posted this discussion for over 2 years ago, still nothing happened. This is far too risky.

4 Likes

This is a showstopper for buying a subscription…

2 Likes

Agreed. I really love HA and Nabu Casa. But am seriously considering cancelling my subscription, because it’s such an egregious security vulnerability to expose my system to the entire world with simply a user ID and password. That’s really unacceptable in this day and age.

1 Like

Same here; this is a biggie.

I decided to create a Nabu Casa account yesterday to support the project, and committed to a 1-year subscription before even looking at all the features offered after I logged in.

I was very surprised to see that the authentication settings didn’t offer MFA.
Wondering how this could be prioritized…

just signed up for the 1 month nabu casa trial - was extremely surprised there wasn’t an option for mfa. decided to search, as i was sure it existed and i was simply overlooking it… even more disappointed to find a 3+ year old ignored feature request for it.

it was already nabu casa vs cloudflare tunnel for me. i was leaning towards nabu casa simply to support the developers, but not sure i feel comfortable with my nabu casa cloud account missing this.

so am i, i just do not understand how it is possible to not mention it anywhere…
so no plan to support this vital feature?

In the UK, MFA on all web-facing services is a mandatory requirement for suppliers to government, NHS etc. as it is a requirement of the government backed Cyber Essentials certification. I know HA might be meant more for home users, but if a business is using it, and it doesn’t have MFA, you cannot supply government or many large businesses!

This is essential in my view.