login does not have two factor authentication (2FA)?

Thales de Paula
Thales de Paula Member Posts: 65 Helper

Guys, we are in the year 2022, I would like to know why on the native website, our login does not have two factor authentication (2FA).

simply if someone has access to my account (hacker or someone malicious)

so I can lose full access to my account. whoever manages to log into it, just change the email which is very easy, and then change the password, without any difficulty..

I know my data is my responsibility but we're going to have an extra layer of security, do you agree?

because I'm not even alerted if someone changes my email on the account.


  • Kubrak
    Kubrak Member Posts: 2,465 Expert

    Well, you are right. One may have pretty much value on the account...

    But, NI is the same like others. None of five or so plugin companies, that I use, uses 2FA.

    What I do is. I use strong unique passwords and keep them secure.

    Also, licences are not money. Producer may give you new licences in case of fraud and it does not cost him much.....

  • JesterMgee
    JesterMgee Member Posts: 2,130 Expert
    edited May 2022

    Not needed on every single online account you use. 2FA is mostly used on highly important services that have the ability to really affect your life (banking, email, personal information). Something like an NI account is just plugins and software, can't really be used to gain further access to other information or services from there. If you have been hijacked it's usually easy to contact the company and get it fixed and in reality you will loose nothing, maybe your address/phone/email but anyone who wants that can often find it with a little digging... I mean there was a time when all this info was printed in a big book that was handed to you for FREE, often with either Yellow or White pages!

    So not really needed for a basic account, doesn't even matter it's the year 2022.

  • Kubrak
    Kubrak Member Posts: 2,465 Expert

    Hard to guess what happens if someone gets into account, changes email, password, asks for Licence Transfer, sells stealen licences....

    • NI may issue new licences, NI looses... Stealer gains.
    • NI may invalidate buyers licences and retur them to previous user. Buyer looses, stealer gains....

    Also it may be difficult to proove, that it has been stolen....

    It seems to me that 2F authorisation for email/password change and Licence Transfer would be appropriate...

    I do not know, how often something like this happens. Maybe it is easier and cheaper to issue new licences than protect accounts better....

  • Tony Jones
    Tony Jones Member Posts: 261 Pro

    Amazon doesn't use 2FA and opens up chances of lots of spending, though does run extra checks if you send to a new address.

    PayPal does (UK at least) as it directly deals with money.

    Where would you stop with 2FA if you rolled it out to NI (and Arturia/ Waves / PIA / Isotope...............

  • Kubrak
    Kubrak Member Posts: 2,465 Expert

    It could be just for email change and licence transfers....

    Google has 2FA just for email account, banks have 3FA.... One may have more money in plugins than money at the bank account....

  • Paule
    Paule Member Posts: 1,240 Expert

    IMHO you can use a loooong username and also a long password instead of banking securities.

  • Kubrak
    Kubrak Member Posts: 2,465 Expert

    Yes, I do. But, it solves only bruteforce attack, not hacked PC and keylogger implanted.....

    I have aprox. 3 000 EUR worth SW and 4 000 EUR worth HW on NI account....

  • Tony Jones
    Tony Jones Member Posts: 261 Pro

    Not really. The hardware is in your studio, the SW in your computer. This is just records. Even if your account was hacked, the HW isn't going anywhere

  • Murat Kayi
    Murat Kayi Member Posts: 378 Pro

    I find it quite amusing how everyone argues against 2FA. I mean come on. It is more security with next to no hassle.

  • Jojo123
    Jojo123 Member Posts: 159 Advisor
    edited May 2022

    Just type in a good strong password (NOT password123) and make sure you don't have a keylogger on your system plus use a healthy dose of common sense. Not everyone has the latest fancy secure cellphone and 2FA is a step I can well do without. Hope NI dont make this a requirement.

  • JesterMgee
    JesterMgee Member Posts: 2,130 Expert

    Wait till you loose a phone or just switch numbers and then have headache after headache for months every time you try and login to a simple forum. In many cases you cannot update the mobile number with a new number without access to the old one, requiring you to call the company and verify things by voice which is a pain.

    Now I can accept this for a bank but it's rare that someone wants to hack into your native instruments account to try and quickly steal all your stuff. It's a hassle most of us just don't want for every online interaction.

    Just either choose a good few passwords and segregate financial and forum/social sites on different passwords like we all should be doing, or use the auto-suggested super strong keychain passwords. We can't always rely on companies offering us protection all the time.

  • Kubrak
    Kubrak Member Posts: 2,465 Expert

    @Tony Jones

    Not really. The hardware is in your studio, the SW in your computer. This is just records. Even if your account was hacked, the HW isn't going anywhere.

    Well, I have SW in my PC and HW at home. But, if one hacks account (while unlikely, still possible) and transfers/sells SW and HW licences....

    I may sell my HW only with discounted price, as it would be without bundled SW..... And I could not install SW on a new computer or download updates. Or upgrade to a new version, when it comes. Or sell the licence....

    I sell old licences as well as HW I do not use anymore.


    One does not need fancy secure cellphone... Ordinary sub 100 USD cellphone would do. Or 2F may be done by answering question like, what was name of your fish/dog/cat/rat/....

    And mainly we do not speak about twofactor for all tasks, just for changing email and Licence Transfer. Those are not things one does too often.

Back To Top