my.tado.com : support for 2FA

2»

Comments

  • I was also unpleasantly surprised by the lack of 2FA.. just make it an optional (but recommended) thing so that your "older" clients can also use the service without issues and everyone is happy. In 2021 it's no rocket science to implement this extra layer of security, there are many libraries out there ready to be used so development time should also be limited. Hope to see this feature soon. :)

  • I recently became a tado user and i am appalled that TADO does not have 2FA. Your website said that u use the same security as banks but every single bank uses 2FA. Your entire infrastructure has a 1 point of failure. If for some reason TADO does not proper hash users passwords or god for bid stores them plain text in a database.

    Then one hack would expose every single house to the most extreme hacks possible.

  • @Jurian
    Please note this is a very serious security weakness. If a hacker gets access to my account, they could know when I'm away ( system set on away) and also have my home address, used for geofencing.
    Much bigger companies have lost customer data in the recent past ( see Experian the audit company).
    Please escalate this !

    If i could lock remote access to my setup, i would. But that's impossible, remote access is the only way tado is set up to allow, according to one of your most active community threads.

    Until this is resolved, i would advise anyone to fake their home address ( your system doesn't allow me to leave it blank)

    Thanks