In order to mitigate password vulnerabilities and attacks, please add multi-factor authentication to Smartsheet. It's a security best practice and most SaaS applications (such as Smartsheet) already have this integration available.
Please enable MFA for Business plans.
Most products nowadays offer MFA as standard - even to small businesses… and it's expected for general security compliance. (In Australia, it's mandatory for basic Essential 8 compliance…)
Smartsheet is trying to force us to upgrade and incur significantly higher costs for a feature that should be standard. This increased cost is not feasible for small businesses.
It would be helpful if more detail (especially a target timeline) could be provided for the MFA component of the passwordless login. Additionally, a support agent recently told me this is not planned for the desktop app. I would like for the MFA to be part of the desktop app authentication flow as well.
Please offer the option of using an authenticator app (or text message) based MFA.
Email-based (TOTP) authentication is horrible for productivity. When someone is trying to get work done, and is FORCED to switch their attention to their email to go get a password… it's bad. I personally have been 'derailed' multiple times by going to get my password in email, and getting distracted by OTHER emails. Argh. Please don't get rid of password sign-in and force people to use TOTP, with no other options.
It is really annoying to have to first go to the site, then open my email account, copy the code, and return to the site EVERY SINGLE TIME. If this is not changed, I will not be using this service any further. NO OTHER PROGRAM THAT I USE REQUIRES ME TO BOTH LOG IN AND GET AN EMAIL CODE EVERY TIME I USE IT.
Looks like we got it in the end - I have received an email from SS product team: "Smartsheet is releasing free login security enhancements you can implement to help protect your account. According to our records, your users are logging in with email/password, or via email-based one-time passcode."
"By the end of October, we'll be introducing a stronger option: authenticator app MFA, free for all plans. With this capability, you can require users to verify their identity with a code from Google or Microsoft Authenticator, and instantly increase your resilience to cyber attacks and phishing."
What's been released for Business Plans is very limited - to the point where I can't see what the benefit is. If you are on a Business Plan and enable MFA, only your internal users will be prompted to register with MFA. Any external users that you collaborate with will not be prompted to register with MFA. When I raised this with Smartsheet support, I was told that we would either need to upgrade to the Enterprise Plan, or convert all our external users to plan members.
There's a feature called 'Secure External Access' to control access to content by External users to solve this, but that's only available with Enterprise Plans.
I can't see the benefit with what's been released for Business Plans, as enabling a security feature that only applies to some users and not others isn’t an effective security control and wouldn’t pass an Information Security audit as a control.
I have raised these concerns on the MFA release announcement: