In order to mitigate password vulnerabilities and attacks, please add multi-factor authentication to Smartsheet. It's a security best practice and most SaaS applications (such as Smartsheet) already has this integration available.
Sign in to see the current vote count, add your own vote, or leave a comment.
I also vote for multi-factor authentication. This is a requirement for other software we use, and it's concerning that we don't have this option with Smartsheet. I encourage the development team to move this to a high level of priority.
1st party MFA please! This really is a basic security feature in today's market.
@Smartsheet, I see a response that indicates that you "love the idea" of MFA and it's the type of thing that you're "thinking about every day." Can you provide a reason for why this hasn't been made a priority? Smartsheet devs ought to drop everything they're doing to implement MFA ASAP. It's far more important than any other product enhancements being worked on, and will ultimately be good for Smartsheet's sales.
The bottom line is that not having MFA means these accounts are inherently insecure. Smartsheet is not a mom and pop shop lacking the resources to make this happen; not offering MFA across ALL account types is either grossly negligent or grossly incompetent, and neither one is a good look. This is completely unacceptable in 2023.
Barring an announcement that MFA will be implemented, our organization is going to search for a different product and I would encourage all non-Enterprise customers to do the same.
It's truly disappointing that a "business" package doesn't offer MFA support as we approach 2024! I can't help but think that this is an explicit strategy to drive customers to the "enterprise" plan. As a CISSP responsible for data security, I can't sign off on storing anything of importance without MFA these days... Hopefully smartsheet decision-makers are listening!
I agree, thanks
Provide businesses the ability to enforce MFA/2fa on all accounts, regardless of subscription level.
It's insane that Smartsheet hides stronger security (SSO) behind an exhorbitant paywall, and even more insane that basic smartsheet-provided 2fa/mfa is not a even an option. Having 2fa/mfa is an industry-standard (and almost always free) security feature.
You offer this product to small and medium businesses, which are historically the most likely to suffer financial ruin from a security breach. Don't be greedy. Be on the side of your customers and please modernize your platform's security.
I can't believe this doesn't have MFA already
Great we got MFA (alongside other security features) in January :-)
Now please let also Business plans have MFA!
When will Smartsheet stop the ridiculous practice of preventing SSO to business tier accounts?
Smartsheet lacks MFA and it seems to be to be pure greed that prevents them from enabling this "table stakes" feature. SSO costs them nothing and reduces their risk!!!
I know my organization is currently debating whether to keep Smartsheet at all because of this practice and the apparent lack of focus on overall security. My org does not need Enterprise, the business plan is more than adequate for our needs, yet Smartsheet remains unwavering in their stance.
Perhaps when they're notified that we are not renewing, they'll knock it off and do the right thing for their customers. I don't hold out much hope though.
Shame on Smartsheet..... I'm so done with them
I got an email last Monday 3/15 that by the end of April they will have instituted email-based TOTP authentication. I have their business plan, but my hope is that this is for all versions. And that sometime after June 1, they will be retiring the traditional password-based login method.
Any further news on TOTP authentication for Business Users. We are another SME that doesn't need "Enterprise" but as we work into Government Organisations, are required to have Cyber Essentials Plus security accreditation and therefore must use MFA. Ridiculous that MFA isn't standard on a Business Plan! :(
I would like to add my two cents. Absolutely ridiculous that in 2024, smartsheet does not give admins the ability to force MFA on all users regardless of which plan we use. This is an example of smartsheet putting its own financial interests above those of its clients. Love smartsheet but this policy is a very bad look for you guys - do the right thing.
As a part of the new OTP solution, and the gradual shift towards greater authentication security, I would love for the ability to generate one-off App Passwords. App passwords are advantageous in allowing lesser-secure external applications an easier method of authenticating with Smartsheet, which can be segmented by solution, and utilizing complex, and large randomly-generated passcodes. My hope for a solution would be something similar to Google's implementation ( https://support.google.com/accounts/answer/185833?hl=en ) - which does require 2FA prior to utilizing app passwords. My use case for a solution like this is in UI and data automation - with the goal of utilizing a service account within Smartsheet that can run automated tasks without requiring a real human to work on them. An app password gives ease of authentication for some solutions and could bypass the requirements of either establishing an SSO login for the service account, or utilizing OTP (both which are more challenging to implement in automation).
Ok what is going on with this? Is it time to look for alternative solutions? I think it may be…
It is now 2025, did I miss where they said they implemented Multi-factor authentication? I cannot seem to find how to implement it. If they have not created a solution for all accounts using Smartsheet it is incomprehensible in this day. Businesses are using your product and storing their data. Smartsheet you are not taking security seriously. All it takes is one security breach for a company to fail. This could be in your future. I will be actively looking for a replacement as I cannot in good conscience support this in my organization without this basic security functionality. Not all companies use Enterprise with SSO.
I have a workflow with nearly 40 automations, half of which are email-based requests for updates with various sets of triggers. While I know the automations work, due to months of testing, when our system went live to the institution, I became very worried that the automations wouldn't run and I'd have no idea whether or…
Description: When users upload multiple photos in one action via the Smartsheet iOS mobile app, all files are assigned the same generic name and timestamp. This makes it difficult to identify individual photos and creates confusion in workflows that rely on accurate, unique file naming. Why This Matters: Industry Standard:…
I am proposing bringing a bit of pizzazz to Smartsheet by having celebratory animations for certain criteria. Think Joyful Animations in Outlook! My team was hoping to have some sort of confetti pop/gif/image when we close out a project or hit a milestone. Bonus points if it is configurable like the automations are.
