Accepted/In Progress

Add Google Authenticator two-factor authentication to Webroot SecureAnywhere business console login

  • 2 November 2016
  • 40 replies
  • 8823 views

Userlevel 4
Hello,
 
I'd like to request a feature, we are currently upping all of the security for the services that we purchase from various companies by using Google Authenticator.
 
I've asked with Webroot support if such feature currently exists that you are prompted for a authenticator code when logging in to the business console and I was asked to do a feature request.
 
best regards,
 
Thomas
 
 

40 replies

Userlevel 1
Hi Thomas,
 
Improving our two-factor security options is definitely something on our roadmap, and Google Authenticator is likely to be one of the new options added.  Unfortunately I couldn't give an exact date on when this might be implemented at present, and is more likely to be implemented in the mid-term rather than in the very near future.
 
Please don't hesitate to comment again if you have any further questions 🙂
Userlevel 4
Hi Chris, Thanks for your response and the transparency. Best regards, Thomas
Userlevel 6
Badge +24
Hello All!
 
I'd like to upvote this to include other multifactor platforms such as AuthAnvil, Duo, etc.
 
Regards,
 
Jesse Cail, CISSP, GSEC
Security Engineer
Userlevel 6
Badge +24
I would like to request this as well.  We are moving our entire organization and its clients to 2FA for areas we consider sensitive. Our AV management would be such an area.
Userlevel 7
Badge +35
We are reviewing all feature requests - switching status to get it into the appropriate queue.
Userlevel 6
Badge +24
yay!
Userlevel 2
Badge +9
+1, thanks!
I spoke with a Webroot supportperson today about using one time password (totp) to sign in and was encouraged to create a feature request.
Noticed this older one after creating a new one..
I work for an msp and we also would like to switch to totp login authentication into the Webroot GSM console.
There are many free and not free mobile apps that you can use for totp authentication, we use one from Duo Security.
Userlevel 2
Badge +4
For a security company, this seems like something that should have been implemented a long time ago.  I can say from my side of things that we already use both Google Authentication and Azure AD MFA and would welcome the option to configure either for access to our secureanywhere logins.  the existing passcode solution is goofy and not something we can enforce.
It seems irresponsible that webroot hasn't implemented this, considering how long that the feature has been requested and the potential security access that the GSM has into protected computers.
TFA seems like a no-brainer for any security related account.
This is a major reason we've refused to purchase Webroot for our Enterprise. Since this has finally, after several years of be beating up my rep for it been accepted. Do you have any timeline information you can share? Our current agreement with a competitor is expiring soon and I want to take a hard look at Webroot again. 
2FA is a must have in the current security environment, especially when managing the security platform for 20+ companies like I do. Having Google authenticator will help me sleep at night, and I already use it for several other platforms. 
Userlevel 7
Badge +35
Thank you for the additional comments and kudos. Our team is scoping this out, but does not have a specific date yet. We will let you know once we have further information. 
I find this reply troubling considering how long your users have been asking for it... Webroot even published a blog last year basically stating you should use it where possible, yet you don't offer it. It should be one of your development teams highest priorities. 
 
https://www.webroot.com/blog/2017/11/07/two-factor-authentication/
 
You even have a Project Manager (BradW) stating you were considering implimenting this 5 YEARS AGO. 
https://community.webroot.com/t5/Feature-Requests/Add-two-factor-authentication-to-Webroot-SecureAnywhere-console/idi-p/24374
 
 
 
 
Preach @
 
It's pretty disgraceful. 
Update: Just finished a demo after a rep reached out to me saying Webroot now has challenge question authentication.  It doesnt. Still. How does a security company not have this? It's pathetic. Sorry... Lost me as a customer again. I don't think Webroot will ever be on my list for demos/RFPs again.   
Userlevel 6
Badge +24
I know this says accepted/in progress, but just wanted to post that we've recently started using Duo, and it is a pretty solid 2FA Platform, I hope that it will be supported in the solution Webroot provides.  Also Duo is in the process of being acquired by Cisco, so it will likely see some significant investment and growth in the next 12-24 months.
Userlevel 6
Badge +24
Unfortunately, we are trying to standardize on one open platform, and that is currently Google Authenticator.
 
If Duo is the only option you offer, this will be an additional issue for us.  We have multiple products using Google Authenticator, desire a single platform, and do not wish to switch to a platform acquired by Cisco, and which a number of Infosec professionals are concerned will change for the worse post-Cisco acquisition.
 
As others have also said, frankly, I'm tired of waiting on this, and several other major, heavily requested features that have sat idle for 2-3 years now gathering dust.  I see a growing trend, and while I admit Webroot has made great strides in the past several months...I continue to be concerned.
Userlevel 6
Badge +24
@I get the standardization on the Google Authenticator - open platform is probably more widely accepted.  My only personal feedback there is that if you aren't paying for the product, then you are the product.
 
I would disagree with you on the Cisco acquisition.  They acquired OpenDNS, and although they rebranded it Umbrella, the product has had enormous improvements since it was acquired.  I expect that Duo will be very similar.  It will likely get some rebranding, but the core of the product will remain the same.  The difference will be in the investment for development and integration.  The umbrella product is not part of the AnyConnect Client - I would expect some integrations from Duo and other Cisco platforms to come in fairly short order (Meraki comes to mind).
 
Where I would definitely agree on is your assessment of the state of development at Webroot.  I'm glad that they seem to be more actively engaged in the recommendations & feature requests, but it does seem like they went through and essentially clean-slated the operation.  Meaning that they just marked the majority as closed/archived to start over.  It is pretty disconcerting that some of these requests have sat idle for so long (like not having to contact support to clear out endpoints!).  We have been actively doing proof of concepts with other endpoints because we feel that development is lagging and Webroot doesn't participate in any testing to make themselves comparable on paper.  Whether or not they agree with the testing method is a moot point to me because like it or not, those reports from Gartner, NSS, AVTest & others are part of the selection criteria.  I'd also like to see a more full featured EPP from Webroot with a true firewall, HIPS protections and Device Control.  They've not made it easy to justify the continued use as I have no independant data to show effectiveness. 
 
Anyway... I digress...  I'll take Google Auth over nothing at all, and maybe once the nut is cracked on that, support for  other platforms could follow.
Multi-Factor Authentication Login is very important for businesses.  This is not only a best practice, but quickly becoming the de-facto standard of all secure online logins.  All Administrators of WebRoot need to have the option to enable Multi-Factor Auth Login.  This becomes even more crucial for cloud hosted systems such as SecureAnywhere.  The lack of Multi-Factor authentication for a secuirty product is becoming inexcusable.  
 
This is a paid business product.  Even free consumer systems, such as gmail, yahoo, AOL emails, all support multi-factor auth.
Userlevel 1
Badge +1
Agree with all of the previous replies - it's 2019 now and still no MFA. This is unacceptable in a commercial security product.

Emily Kowalsky posted an article on the official Webroot blog back in January which mentions MFA and it's importance - and yet Webroot themselves don't even offer it. It's absurd.

At the time of writing this is most upvoted "In Progress" feature request and it has been open for 2 years with seemingly no progress made.

Pretty please Webroot, can we finally have MFA?
Badge
I am going to take a swing at this dead horse. Multifactor authentication is no longer something that is recommended for large companies, this is something that everyone needs to take seriously.

How secure is your security product when a bad actor is able to push into the control panel for all of your clients and gain the ability to run remote commands on all of their servers and workstations?

We have been very happy with Webroot as an antivirus product. It is long since time for the company to take internal security to the next level and establish a multifactor authentication protocol.

We work in the healthcare and insurance markets which are required to comply with HIPAA. What does it say about an IT company to have their weakest point of entry be the security software?
Userlevel 7
Badge +35
There is an additional thread around this topic here, in which our product manager JGiffard provided some updated information.
Userlevel 4
Badge +8
Hi, thanks for all comments and Webroot are actively working on a 2 factor auth solution to satisfy all of our global customers requirements. I will post an update as soon as we have more information.

Reply