Two factor authentication (2FA) for Service and Additional Admin Accounts
Currently Plesk supports Clef and Google Authenticator for Plesk admin accounts.
However, if a customer creates additional user accounts (service accounts with owner rights, for example), the 2FA option is not available.
We would appreciate this feature especially in combination with multi-server management, where one customer may have multiple admins and multiple domain subscriptions.
-Philipp
We are glad to announce the new Multi-Factor Authentication (MFA) extension (https://www.plesk.com/extensions/mfa/), coming to Plesk Obsidian 18.0.61 and later. The new extension is meant to offer seamless 2FA authentication to all Plesk users, and comes with one of the following benefits:
- Multi-factor authentication can now be configured in the profile settings for users of all levels (administrators, additional administrators, resellers, customers, and subscription users).
If you have any feedback on the implementation of this feature, please let us know on the forum: https://talk.plesk.com/.
— AY
-
Tom commented
> Starting with version 18.0.61, Plesk Obsidian allows for the enforcement of two-factor authentication (2FA) across different user roles, including administrators, clients, and resellers.
I'd appreciate it if there was the ability to explicitly enforce MFA for additional administrators too.
Security is only as strong as its weakest link.
-
Andi Herzig commented
The same for domain administrators would be useful as well!
-
Thomas commented
Wow, after 7 years Plesk has managed to develop the minimum(!) security for the customers. And Plesk is proud of this new feature?
This extremely customer-unfriendly behavior and the very high prices are the reason for us to replace Plesk everywhere. And guess what: We are very happy with our decision and have never regretted it :-)
-
Some Body commented
Come on, this was reported 5 years ago, are you for real? I had to give the owner account to a customer which should not have owner rights, just to be able to use MFA!
-
Remo Wenger commented
This is absolutely critical. Not in 2024, but in 2018!
-
Ramon Bazan commented
Security has become a critical issue. One of our accounts has been hacked and having MFA installed would be very beneficial.
Thanks in advance!
-
pm commented
We just lost a major customer as this is not possible.
-
Sơn Zai commented
Why doesn't Plesk have a necessary function like this until now? So sad.
-
Christos commented
We vote for that.
It is strongly recommended that every user logging into Plesk adhere to the requirement of implementing Two-Factor Authentication (TFA).
-
Rafał commented
I vote for it.
-
Adrian Herber commented
In today's environment of sophisticated online attackers, 2FA is an extremely important security measure.
Plesk is long overdue to implement proper full support.
-
Grzegorz commented
I have no words to say why this has not been introduced to Plesk security settings.
-
Gerinho commented
With Plesk as a major component in our web infrastructure and many of us Pleskians have (a lot of) customers logging into Plesk continuously, it's unacceptable that - 5 years after Philipp initially posted for this feature request - 2FA / MFA is available and working for the super admin only. With 2FA / MFA as the new standard for better authentication security at any other major platform / application / web service these days, I do not even know how to explain to our customers that Plesk doesn't have 2FA for them. Again, we're not talking about a single website or subscription here, this concerns Plesk; a MAJOR component in our whole web infrastructure and thus millions of servers, users, customers, websites, etc etc. Unacceptable.
-
Berni Liechti commented
We need to be able to enable 2FA for additional admin accounts.
To not have 2FA is a massive security risk.
-
Thomas commented
Plesk really needs more than 4 years to offer this most basic security feature out of the box??
-
Anonymous commented
We need to be able to enable 2FA to secure all subscriptions and admin accounts. This is so important with recent spoofing emails. Why in 2021 is this not in place?
-
Kaz commented
I am honestly surprised how few people seem to be taking security seriously.
2FA should be a mandatory security feature. And I agree, subscriptions should also get this feature.
-
Sam Thackeray commented
MFA for subscription users is also of critical importance!
-
Sam Thackeray commented
Oh noes, I didn't realise the Google MFA wasn't a single turn on for all users deal. Turning it on for the one admin account isn't very helpful when I have dozens of site admins still unprotected.
-
Francis commented
I have multiple subscriptions with a single subscriber and multiple additional administrator accounts. Would definitely need 2FA for all the accounts. When will this feature be coming up?