Make MFA part of the team edition
Securing your chat server should not depend on the size of your wallet. I think there are enough other reasons for enterprises to pay for Mattermost (support plans, branding, LDAP). Allowing additional security to private persons, open source- and small teams would be awesome.
Anonymous
shared this idea
Thank you for voting for this request! MFA is now in Team Edition starting with v5.8 release: https://docs.mattermost.com/deployment/auth.html#multi-factor-authentication.
Enforcing MFA remains an Enterprise feature: https://docs.mattermost.com/deployment/auth.html#enforcing-mfa-e10
-
Stefan
commented
It is 2018 now. Webauthn is standardized, and adaption of U2F and other means to using MFA are starting to get traction. This is thanks to more and more services (GMail, Dropbox, GitHub, ...) and software (Nextcloud, ...) staring to support it - or extending their support to new technologies and standards.
Mattermost is a popular software in the developer community, but also in other large fields (media, activism, ...) - some of those use the team version because they are too small or non-profit, or don't have enough money for other reasons. It is still important to protect those communities and their users.
MFA is an important innovation helping to do so. For example, Google reported that it eliminated (!) phishing by deploying U2F. Mattermost should join this effort.