The way Syncro has implemented MFA is awful and I would really like to see a change to it. Previously I was able to set it up so that employees would have to log in to Syncro once per day (when they came in), and they would be prompted for MFA at that time. With the current implementation the MFA prompt isn’t tied to anything except time so if a user comes in at 10am on Tuesday, but 8am the rest of the week, they’re getting interrupted at 10am every day to enter the MFA code. My users find this extremely annoying.
In my case, I was just entering some fairly detailed notes while creating a ticket but when I went to save it I couldn’t because MFA timed out and I had to enter the MFA code. Of course once that’s done it takes me to the dashboard and I lost 2 paragraphs of text. Very uncool. Please don’t implement changes that end up costing your customers time.
The old options for setting up MFA were significantly better than what’s being forced on us now. If there were just an option to require MFA when signing in to Syncro that would fix it, and I can’t believe a lot of other MSPs wouldn’t prefer it that way as well.
After so many other MSP tools have been hacked I actually love the way this has been implemented. Let’s be honest, we ALL HATE MFA. But it’s a necessary evil. I get prompted 2-3 times a day to re-MFA and that keeps us more secure. I hope this doesn’t get changed…
I do think the implementation is weird, but generally ok. A small tweak that I would vote for is a warning pop up that MFA will be triggered in 1 min or something like that…
I only get prompted for MFA maybe monthly? Certainly not daily or multiple times a day. Maybe because I leave the browser open constantly? As far as loosing text, almost always if I close an ubsubmitted ticket comment and go back to the ticket, my text is restored/can click to restore it.
Here is the setting for MFA: (I leave my browser open continually, but it prompts me daily – at the same time that I did it the previous day on that particular device.)
This “Restore” function fails when it kicks you out to enter MFA!
Yup, looks like I left the timeout field blank and set to 30 days. If someone has access to a device I login to Syncro with I have way bigger problems. And I never login from a device that’s not mine. Odd that the restore function fails. That definitely needs fixing if so.
I find it problematic that this setting is where it is and not some sort of Security Settings. Hopefully they will consolidate this with other things (like an actual, working IP white list) and put it in one place.
Agreed, the whole Settings page is a mess, always has been. Non-standard layouts and navigation, different UI elements for the same things, things hidden by text ‘Additional Settings’ links, no search.
I have to agree that the MFA implementation is dumb. I used to have it set so that employees would get the MFA prompt whenever they logged in to Syncro which seems like a completely valid way to want it set up. Instead we regularly get kicked out of what we’re doing to enter the MFA, often losing what we were doing at the time. It just happened to me again.
Please just add an option to require MFA at login instead of these arbitrary times. It’s very frustrating!
I too agree. I wish the MFA was better implemented. I hope it comes down the road at some time. Sooner than later.
I have this experience as well. Sometimes it warns me that MFA expired, but sometimes not and I’ll lose data. I wish it would at least throw a prompt 10, 15, 30 minutes ahead and allow us to re-authenticate.
So I was just putting the finishing touches on a complicated script, hit ‘Update Script’, got prompted for MFA and lost my changes
That really sucks, and I’m sorry that happened, but to be fair, especially when working on complicated scripts, the work should be done in some sort of IDE editor, like VSCode or PowerShell ISE. Never a good idea to edit live online where it can’t exactly be saved if something happens.
Also when you leave a script edit page open a while and submit the changes and it doesn’t save cause it’s been open too long. IIRC there is a notification that says something, but it’s not super obvious and your changes are lost regardless.
I don’t disagree, and I generally do use ISE, but there is literally NO REASON someone should lose work due to an MFA prompt.
This would be its own feature - but why not request a feature where current code is store locally - then when that page is flag - have it also flag that its to be reloaded upon MFA login again? This one doesnt seem like a MFA problem - just a QOL change (referring to the code despairing issue).
Not to discredit the ‘lost work’ comments - but I’ve not personally experienced this as I have my sessions set to 30 days as well. My opinion on MFA requirements are similar to @isaacg - my additional 2 cents is that MFA is designed to protect against password breaches externally, not necessarily protect on trusted devices used frequently. How many times do you get hassled by Microsoft by default to re-MFA daily? Sure if you have someone rooting around on your trusted machines, that’s a different story. I’ve seen Ninja require MFA when doing certain tasks, like scripting and it is a pain but it’s no different than MS requesting MFA again during security related things.
I have to agree with the general sentiment in this thread. I understand that security is a trade off and I actually do not mind that I need to prove myself with MFA regularly. Password managers make that process pretty easy. The problem is with the timeout being invisible to the user. Being in the middle of something and finding that none of it saved because you didn’t know that you hit the MFA challenge time is extremely frustrating. The other thing that is really annoying is when you type an asset name into the search bar and it gives the circling icon to indicate that it is preparing to show you the drop down menu with quick results but it never does because MFA challenge time is upon you.
I think that a timer below or next to your username showing when your next MFA challenge will come would be a great solution to the frustration.
Before the MFA change it was perfect for us. We have everyone log in to Syncro every day, and they were prompted for MFA at that point and not prompted again until the next login. I really wish they would bring that back.
I love this idea. Also:
Jrdn Ritz on FB a recommends moving the MFA timeout to 12 hours. I’m going to try that!