Two factor authentication (2FA) for Service and Additional Admin Accounts
Currently Plesk supports Clef and Google Authenticator for Plesk admin accounts.
However if a customer creates additional user accounts (service accounts with owner rights for example) the 2FA option is not available.
We would appreciate this feature especially in combination with multi-server management, where one customer may have multiple admins and multiple domain subscriptions.
-Philipp
We are glad to announce the new Multi-Factor Authentication (MFA) extension (https://www.plesk.com/extensions/mfa/), coming to Plesk Obsidian 18.0.61 and later. The new extension is meant to offer seamless 2FA authentication to all Plesk users, and comes with one of the following benefits:
- Multi-factor authentication can now be configured in the profile settings for users of all levels (administrators, additional administrators, resellers, customers, and subscription users).
If you have any feedback on the implementation of this feature, please let us know on the forum: https://talk.plesk.com/.
— AY
-
Andi Herzig commented
the same for domain administrators would be usefull as well!
-
Thomas commented
Wow, after 7 years Plesk has managed to develop the minimum(!) security for the customers. And Plesk is proud of this new feature?
This extremely customer-unfriendly behavior and the very high prices are the reason for us to replace Plesk everywhere.And guess what: We are very happy with our decision and have never regretted it :-)
-
Some Body commented
Come on, this was reported 5 years ago, are you for real? I had to give the owner account to a customer which should not have owner rights, just to be able to use MFA!
-
Remo Wenger commented
This is absolutely critical. Not in 2024, but in 2018!
-
Ramon Bazan commented
Security has becom a critical issue. One of our accounts has been hacked and having MFA installed would be very beneficial.
Thanks in advance!
-
pm commented
We just lost a major customer as this is not possible.
-
Sơn Zai commented
Why doesn't Plesk have a necessary function like this until now? so sad
-
Christos commented
We vote for that.
It is strongly recommended that every user logging into Plesk adhere to the requirement of implementing Two-Factor Authentication (TFA).
-
Rafał commented
i vote for it
-
Adrian Herber commented
In today's environment of sophisticated online attackers, 2FA is an extremely important security measure.
Plesk is long overdue to implement proper full support.
-
Grzegorz commented
I have no words to say why this has been not been introduced to Plesk security settings
-
Gerinho commented
With Plesk as a major component in our web infrastructure and many of us pleskians have (a lot of) customers login into Plesk continuously, it's unacceptable that - 5 years after Philipp initially posted for this feature request - 2FA / MFA is available and working for the super admin only. With 2FA / MFA as the new standard for better authentication security at any other major platform / application / web service these days, I do not even know how to explain our customers that Plesk doesn't have 2FA for them. Again, we're not talking about a single website or subscription here, this concerns Plesk; a MAJOR component in our whole web infrastructure and thus millions of servers, users, customers, websites, etc etc. Unacceptable.
-
Berni Liechti commented
We need to be able to enable 2FA for additional admin accounts.
To not have 2fA is a massive security risk.
-
Thomas commented
Plesk really needs more than 4 years to offer this most basic security feature out of the box??
-
Anonymous commented
We need to be able to enable 2FA to secure all subscriptions and admin accounts. This is so important with recent spoofing emails. Why in 2021 is this not in place?
-
Kaz commented
I am honestly surprised how few people seem to be taking security seriously.
2fa should be mandatory security feature.And I agree, subscriptions should also get this feature.
-
Sam Thackeray commented
MFA for subscription users is also of critical importance!
-
Sam Thackeray commented
Oh noes, i didn't realise the Google MFA wasn't a single turn on for all users deal. Turning it on for the one admin account isn't very helpful when i have dozens of site admins still unprotected.
-
Francis commented
I have multiple subsciptions with a single subscriber and multiple additional administrator accounts. Would definitely need 2FA for all the accounts. When will this feature be coming up?
-
Daniel Wimpel commented
Plesk supports Authenticators for the primary admin account.
However, additional admin accounts can still log in without 2FA.
This feature would be great to abide to basic security guidelines as it still involves important client data.