Two Factor Authentication login to PandaDoc

Comments

38 comments

  • Official comment
    Avatar
    Alexander Benderski

    We are happy to announce that 2FA is available on all plans!
    Read more in Help Center article.

    Comment actions Permalink
  • Avatar
    Rocky

    At this time PandaDoc does not offer two-factor authentication for login. But we are always updating and our Dev Team loves to hear feedback and suggestions like this. You can leave them this suggestion here in our Idea Portal.

    Cheers!

    -7
    Comment actions Permalink
  • Avatar
    William K Santiago

    Indeed a must have feature.

    8
    Comment actions Permalink
  • Avatar
    LENIS MACHINES INC.

    This is a very important and must-have feature for important and payment-related documents.  

    8
    Comment actions Permalink
  • Avatar
    Varun Singh

    Yes, I was looking for 2FA today and I am very surprised that there is no 2FA! Please add it asap.

    We would prefer 2FA choices - Authenticator App, Physical Key (like yubi key) and mobile number.

     

    TIA!

    7
    Comment actions Permalink
  • Avatar
    Jason McWhirr

    Please implement this immediately! This is a massive security risk 

    7
    Comment actions Permalink
  • Avatar
    Travis Fitzgerald

    Was going to go with Pandadoc - but cannot because it doesnt have 2FA

    6
    Comment actions Permalink
  • Avatar
    Mike McPhee

    Hello, Yes please if 2FA could be added ASAP.

    6
    Comment actions Permalink
  • Avatar
    Ted Hughes

    Agreed. We need 2FA or will be forced to change services.

    5
    Comment actions Permalink
  • Avatar
    Rocky

    Hi all, 

    Thank you all for commenting here regarding this need. Please be sure to also make the suggestion here in our Idea Portal, this is where the Dev team gathers user requests and prioritizes new features.

    Thank you

    -6
    Comment actions Permalink
  • Avatar
    La Vida Privada HOA

    You guys need 2 factor authentication.  These forms have very sensitive information on them.  Hacking is very prominent.  

    4
    Comment actions Permalink
  • Avatar
    William K Santiago

    Indeed what is management waiting for or is it stuck in lack of development resources.

    5
    Comment actions Permalink
  • Avatar
    Thomas D'Hoe

    any updates here, please? 

    6
    Comment actions Permalink
  • Avatar
    Darren Kewley

    Can anybody provide an update on this? As part of the UK Government Cyber Essentials scheme, cloud apps will need MFA enabling. It's astounding that you don't have this feature at all, and even more astounding you haven't actioned this thread in over a year. You also charge a premium for SSO -- is security an afterthought at PandaDoc?

    8
    Comment actions Permalink
  • Avatar
    Manuel Shipwood

    Any updates on this? The request is already a year old. How to enable 2FA ?

    3
    Comment actions Permalink
  • Avatar
    Rocky

    Hi All, 

    While we currently only have SSO for account sign-in, we have just recently updated recipient document two-factor authentication. Now, you can create a document that needs a passcode or SMS verification:

    This update is available for both Business and Enterprise plans, you can read more about it here - if you do not have access just yet, please reach out to Support@pandadoc.com and they will assist. 

    Please be sure to add your 2FA login request over at our user voice portal - the more official requests we get the more Dev will look into implementing this. 

    Thank you

    -5
    Comment actions Permalink
  • Avatar
    Mike McPhee

    Thank you for letting us know of the voting for features. I hope everyone on this thread goes and votes for this.

    It is a bit of a joke we need to vote for 2FA on login. 2FA is expected these days on cloud apps for business.

    Google provides developer support for their Authenticator app, and likely would take a couple of your developers an afternoon to review and implement. Clearly there would need to be some testing before rolling it out, but really this is basic functionality folks.

    https://cloud.google.com/identity-platform/docs/web/mfa

    4
    Comment actions Permalink
  • Avatar
    William K Santiago

    A tiny step forward but still not enough.  SMS is clear text and is hacked by using sim swap. 

    Keep up the updates and do continue to enable using ideas like the one above by Mike

    Thanks

    2
    Comment actions Permalink
  • Avatar
    Jenny Eaton

    I am considering moving to a platform that offers 2FA. Rampant cyber crime has made 2FA a necessity and should be part of the basic platform provisions. Many in our industry have shunned the idea of using PandaDoc because of this. I feel this should be a priority for development. Please make a priority because I love PandaDoc. Thank you

    5
    Comment actions Permalink
  • Avatar
    Florence Mudaheranwa

    I agree, once you start having sensitive information without Authenticator you feel insecure. Security is a big thing and should be a priority.

    3
    Comment actions Permalink
  • Avatar
    Varun Singh

    Already moved to Zoho Sign for this reason. Even though I prefer the interface of Pandadocs, lack of 2FA leaves us vulnerable.

    3
    Comment actions Permalink
  • Avatar
    Jason McWhirr

    There is a SSO option without going to enterprise. We've had to bite the bullet and buy it to enforce MFA - it is mandatory for the UK Cyber Essentials scheme post 2022. The integration was quick via Microsoft365 SSO and a lot easier than migration.

    Its an extra unwarranted annual expense really as we didn't need SSO - we needed MFA.

    2
    Comment actions Permalink
  • Avatar
    Mike McPhee

    Will have to review Zoho Sign and some other options, unfortunately...  Great job pulling the trigger on a move...  I've had high hopes that this would be taken seriously, but seems to be falling on deaf ears.  

    Pretty shocking that this hasn't been prioritized, and does make me question the security mindfulness of the platform in general if the folks at Panadoc can't comprehend the need for industry-standard 2FA.  It is a bit of a joke asking us to vote for this feature to be considered.

    Quoting the above-suggested alternative "recipient document two-factor authentication".  This will not keep all our documents secure.  We need to secure our access to the platform and all documents we have access to.  Our sales rep is all over wanting to sell us the upgrade to recipient 2FA but seems unable to understand what I'm asking for with this request.

    3
    Comment actions Permalink
  • Avatar
    Darren Kewley

    This shouldn't be something you 'vote' on guys -- the National Cyber Security Centre here in the UK has made MFA on cloud apps mandatory after January 2023 for the Cyber Essentials Scheme, which is gathering more and more attention as it is required in supply chains. Companies are advised to move away from cloud providers who will not enable MFA. I have also heard discussions that organisations that are resistant may also be reported to the Cloud Industry Forum. The pushback from PandaDoc on this is concerning that security is not a priority and raises questions about what other basic security features are being ignored elsewhere. 

    5
    Comment actions Permalink
  • Avatar
    Billy Thomas

    Still not complete! I just asked support. They told me to submit my concern to the community and get it voted up! It's been two years since the original request now.

    4
    Comment actions Permalink
  • Avatar
    Dustin Balint

    Adding yet another voice to this. PandaDoc team, lack of true 2FA / MFA is a huge security concern—this should be taken very seriously and made a top priority. Please provide an update with a meaningful response to this, and a timeline for 2FA / MFA implementation.

    3
    Comment actions Permalink
  • Avatar
    Crosby Loggins

    Been following this thread for a while now and finally motivated to post by Billy's update above. MFA is an absolute must for any legitimate online platform that is even remotely concerned with security. If you're not concerned with security these days, you are the low hanging fruit for attackers, which is not a good posture at all. Especially for a platform that handles sensitive legal documents and data for so many people. Come on team, long past time to fix this.

    2
    Comment actions Permalink
  • Avatar
    Patrick Smalley

    How is this feature not considered mission critical!?!?! 
    Two years ago this was brought to your attention and the official response is "go vote for it". 

    Why should the community justify you implementing best practices?

    I would expect your team to realize you messed up in not adding this. 

    2
    Comment actions Permalink
  • Avatar
    Florence Mudaheranwa

    I agree, 2 years is a very long time for 'no action'. We are supposed to feel secure for what we use it for.

    2
    Comment actions Permalink
  • Avatar
    Jason McWhirr

    MFA not an option or likely to be. We had to pay for SSO as an additional per user charge rather than going to enterprise which would have been cost prohibitive. Used MS365 for SSO and works well tbh.

    For UK Cyber Essentials SSO is the only option.

     

    0
    Comment actions Permalink

Please sign in to leave a comment.