Hi @maxT and @jan, we have been working with cloud SaaS platforms for a while and think that adding a 2FA (Two Factor Authentication) to the cloud version is an important security feature. Either staring with an oauth with google/github or adding something like a google authenticator would be ideal.
Hi @pradilla thanks for posting this. Completely agree that security is of the utmost importance for a tool like n8n which holds access to various apps and services. It’s also something we’ve planned to implement, but inbound requests help us with prioritisation so appreciate it!
Will update here once I have more info on progress, especially when it comes to planned spec.
@GreenFlux happy to say that 2FA/ MFA is on our n8n.cloud roadmap for n8n.cloud. While I can’t give you a specific ETA, it’s on the immediate roadmap behind a few other features - i.e. it’s not buried in backlog hell
If anyone has specific requirements for 2FA/ MFA, please do add them here (especially if it’s a hard requirement for your organisation or a vendor you work with).
Yes for me too it is a very important requirement for production environments.
Password-only authentication is too vulnerable to brute force especially in the absence of mechanisms similar to fail2ban.
I would love to be able to use two-factor authentication in the app, with Authy for example.
Is the feature also planned for the self hosted version?
@marco.fucito 2FA for n8n.cloud would be separate from 2FA on n8n core/ self-hosted. For n8n.cloud, we’ll be adding 2FA to the global n8n account used to access n8n.cloud and n8n.io.
As for 2FA on n8n core, this would be on our User Management roadmap. We’re currently implementing the MVP of User Management. Once that is released, we’ll be prioritising additional functionality for User Management, including auth features like 2FA/ SSO etc.
Hi @maxT is this still on the roadmap, as MFA is very important in order to use the cloud version of N8N, we were planing on moving from the self-hosted version to the cloud instance to reduce are management overheads but i don’t see us storing any keys on the cloud version until there is a bit more security.
It would be great to have an account management page as the account page is linked to only 2 views Logout and Instance, without having the ability of changing any user information(not even the password), and if this is already a feature I just cannot see it.
@sbesliu it is still on the roadmap, unfortunately I don’t have an ETA however. @sirdavidoff might have a better idea.
It is possible to currently change password just not while logged in, you would have to sign out and use the forgot password flow (understandably, that’s some extra friction - we’re simply prioritizing core features currently). At this time, it’s not possible to manually change for example your email address.