Enable 2 Factor Authentication for fitbit account.

I got my account compromised very recently and I found out that Fitbit does not support 2 factor authentication. Please implement 2 factor authentication (either via text message or the authenticator app) so that we can secure our accounts better.

41 Comments
Status changed to: Reviewed By Moderator
YojanaFitbit
Moderator Alum

Hi @SunsetRunner, thanks for sharing this idea. Sorry about what happened to your account. Have you checked this option? Let's see what others think about your idea.

Toish
First Steps

I would like to recommend and provide feedback to please provide two-step authentication or by using an Authenticator for the Fitbit accounts to ensure all data is secure and cannot be hacked.  Fitbit information was previously hacked and I want to make sure everyone's accounts are secure so information is not lost, stolen, etc.  Can you please implement this?  I look forward to reading up on this again.

AC4
First Steps

I just had a third party change the email associated with my account. I was lucky to be logged in on my app and to have reacted quickly to the email notification, so I could change my account back to my email and change the password.

In this era of account hacking, it is very important to have two-step authentication for accounts that may contain personal information!!! Please add this feature!

Status changed to: New
AlexandraFitbit
Premium User
Moderator Alum

Hello @AC4 ! Thanks for sharing this suggestion, I moved it to this similar post so you can add your vote to it. Please keep sharing your ideas with us!

Hevilath
Jogger

Today 2-factor authentication is a must really. Ideally it should support FIDO standards, but an additional question/answer challenge or even a text message is still better than nothing.

Toish
First Steps

Two-step authentication is a must. Hacking happened to other fitness apps and caused millions of dollars in damages, intellectual losses, and caused people’s information to be stolen. Companies have to protect customers’ data or they will lose business and be sued for lack of security. Let’s get this fixed ASAP.

MMarthaller
First Steps

This NEEDS to be implemented ASAP!! It is becoming the Information Security (InfoSec) standard. Better to add it now than to regret it later.

And before anyone asks, Yes, My account just got hacked into.

Light123
First Steps

If you're offering products that allow personal information to be stored, such as credit cards, you should have better security measures. There should be options such as security questions and an option to have more than one email available to ensure personal information does not get taken. Also, your process to have issues handled immediately should not leave a person more concerned than when they called customer support. I have been a customer for over 3 years and this is disappointing for such great products that you have.

SunsetRunner
Not applicable

Hi All,

At 3am this morning I got the email below:

-----------------

Security alert: Your Fitbit account has been updated

Your Fitbit account has been updated

We have received a request to change the email address on your Fitbit account to:

If you requested this change, you can ignore this email. If you didn’t make this request, you can revert the email change in the next 72 hours by clicking on this link:

https://www.fitbit.com/cancelEmailChange/cancel?token=sometokenhere

If you need further help, please contact our support team.

Fitbit and the Fitbit Logo are trademarks, service marks and/or registered trademarks of Fitbit, Inc. in the United States and in other countries. All other trademarks, service marks, and product names used herein are the property of their respective owners.
Fitbit, Inc - 199 Fremont Street, 14th Floor, San Francisco, CA 94105
------------
I can tell you that at 3am, I was sound asleep and I did not make the change. So apart from the fact that vegupisej@quickmail.in was able to request the change, which I don't understand how this is done, what is going on?

The response for the change needs to be the other way around and not how it currently stands. By this I mean,
Security alert:
A change has been made - Do nothing if this was not you and the change will be reverted

as opposed to
Security Alert:
You have 3 days to confirm that this was NOT you and we will give all your data to this stranger.

--------------

What if I was on holiday? My email server was down? Your email service was down? A spam filter got your email? By doing nothing, you are handing over my data to an unsolicited change. Let's err on the side of caution where all requests are denied until there is a positive confirmation from the user or we are just playing into the hands of these unscrupulous people.

TIA

Jason
(Label is "Community forums" as there does not seem to be a "Security" label)
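The two policies this post contrasts, modelled side by side as an added example (this is not Fitbit's code; the 72-hour window comes from the alert email quoted above, while the account address, token handling and the `confirm_required` switch are assumptions made for illustration):

```python
import secrets

WINDOW_SECONDS = 72 * 3600  # the 72-hour window quoted in the alert email above


class EmailChangeFlow:
    """confirm_required=False: apply-then-revert, as in the alert email (the new
    address goes live at once and the old address only gets a cancel link).
    confirm_required=True: confirm-before-apply, as the post asks for (nothing
    changes until the current address confirms). Both are illustrative, not Fitbit's."""

    def __init__(self, email: str, confirm_required: bool):
        self.email = email                    # address currently on the account
        self.confirm_required = confirm_required
        self.ticket = None                    # (address, token, expires_at)

    def request_change(self, new_email: str, now: float) -> str:
        token = secrets.token_urlsafe(16)     # one-time link mailed to the OLD address
        if self.confirm_required:
            self.ticket = (new_email, token, now + WINDOW_SECONDS)   # held pending
        else:
            self.ticket = (self.email, token, now + WINDOW_SECONDS)  # remember old address
            self.email = new_email                                   # live immediately
        return token

    def expire(self, now: float) -> None:
        # Once the window closes the ticket is gone: with confirm_required the pending
        # request is discarded; without it the revert path is lost and the change sticks.
        if self.ticket and now > self.ticket[2]:
            self.ticket = None

    def use_link(self, token: str, now: float) -> bool:
        """Owner clicked the mailed link: confirms the pending change (confirm-before-apply)
        or restores the saved old address (apply-then-revert)."""
        self.expire(now)
        if not self.ticket or not secrets.compare_digest(self.ticket[1], token):
            return False
        self.email = self.ticket[0]   # pending new address, or the saved old one
        self.ticket = None
        return True


def email_after_unattended_request(confirm_required: bool, new_email: str) -> str:
    """Owner never touches the link (on holiday, mail server down, spam-filtered):
    which address is on the account once the window has elapsed?"""
    flow = EmailChangeFlow("owner@example.com", confirm_required)  # constructed sample
    flow.request_change(new_email, now=0.0)
    flow.expire(now=WINDOW_SECONDS + 1)
    return flow.email
```

With `confirm_required=False` the unattended account ends up on the stranger's address; with `confirm_required=True` it stays on the owner's, which is the "do nothing and the change is reverted" behaviour the post argues for.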
Rich_Laue
Community Legend

So what happened when you clicked on the link to recover? 

This is not about the community forum but about the user's Fitbit account

The best way to keep this from happening is to have proper password management. 

 

I'm not sure if you're asking for two factor.

Enable 2FactorAuthentication for fitbit account...

SunsetRunner
Not applicable

@Rich_Laue - All worked. Not worried about the tech or 2FA (Although 2FA would be great), I am worried about the policy. The policy is flawed.

Current - Do nothing and everything belongs to someone else, is not the correct approach.

Should be - Do nothing and the changes made by the miscreant will be rolled back.

This way, if the change was me, then I would be able to make the informed choice. If it was not me, and I don't have access to email, then my account would still be safe.

YojanaFitbit
Moderator Alum

Hi @SunsetRunner and @Light123! That’s an interesting idea and could be useful, thanks for sharing your concerns about the security of your accounts.  I've moved it into a similar suggestion, as the more votes and comments an idea has the more visibility and momentum it gains. You can learn more about how Fitbit decides what suggestions get released in our FAQs.

SunsetRunner
Not applicable

Hey @YojanaFitbit is there an ETA on this?

Why are you waiting for up votes on this? This should be treated as a security issue, not a feature request.

As you can see there are clearly accounts being compromised and currently no way to guard against it.

YojanaFitbit
Moderator Alum

Hi @SunsetRunner thanks for sharing your comment. Our team is taking care of these types of issues with our users and we're working on having better options for them too. At this moment, we don't have updates about this. You can learn more about how Fitbit decides what suggestions get released in our FAQs.

Hevilath
Jogger

I'm gonna be honest here, this should not be a suggestion, but high priority for Fitbit. I mean it requires only a few schema changes in the database and a few additional lines of code. Different implementations of 2FA are already out and well documented. We're not talking about anything that is time or budget consuming. Even a junior developer should be able to pull this off in a couple of days (being overly generous here).

SunsetRunner
Not applicable

Agreed. Giddy up Fitbit.

Awena
First Steps

Hello, I stumbled on this one since I got hacked today. So that means nothing has changed.

I'm terrified at the idea that someone could have taken my account if I hadn't seen the "Your email will change" email. That's not normal at all; the default is giving the data instead of asking for confirmation!

Please, could you see it's a real security issue? And what if I had registered Fitbit Pay, does that mean that the person would have my bank info?

We NEED 2 factor authentication AND this flow to be changed to something asking for confirmation instead of asking for correction. I'm not sure it's very GDPR compliant NOT asking for consent, by the way.

Please, change this ASAP, it's still a big issue.

GSOD
Base Runner

When an account takeover happens, you need to be more proactive and patch your servers first and have secured intrusion detection. The data that they are stealing is personal and by your lax security, it's harming your customers. Please fix instead of ignoring it.

DavideFitbit
Moderator Alum

Hi @GSOD, thanks for taking the time to share your feedback about having better security to prevent hackers from taking over an account. This feature suggestion to improve security already exists with a specific implementation of 2 Factor Authentication for the Fitbit account, so I’ve moved your post here as it is currently under "Reviewed by moderator" status. This helps keep the Community and the Feature Suggestion board more organized.

Lisa0825
Jogger

Found from one of the links provided:

Why don't you offer 2 factor authentication?

Customers using “Log in with Google” can use multi-factor authentication. We're working on adding native multi-factor authentication for fitbit.com accounts.

My account was just hacked. While it was easily resolved by following the link in the email I received from Fitbit, I agree 100% with the others who say this should be a top priority security upgrade, not some silly little vote. The article I c&p'd from indicated it was last updated in June 2019, and I still cannot find any way to enable 2FA.

Get this feature enabled asap. I will definitely move to a different brand if this is not done soon. It is near time for an upgrade for me, and I will not consider buying a new Fitbit if security is not improved.

Moderator edit: all-caps

Lisa0825
Jogger

I did not see a way to edit my post. I do not intend to change to logging in with Google. This needs to be a part of the Fitbit platform.

Lisa0825
Jogger

WOW - I just found this quote from 2016 in an article online about Fitbit security:

"The Fitbit spokeswoman says customers using "Login with Google" can make use of multi-factor authentication today. We are also working on native multi-factor authentication for Fitbit accounts and plan to make it available later in 2016."

Moderator edit: formatting

kanzerts
First Steps

There's STILL no two factor authentication? This is absolutely inexcusable, considering you can't keep your data safe. This needs to be changed sooner rather than later, get your butts in gear. I'll never buy another fitbit product if this is going to be the case.

Toish
First Steps

I have been requesting two factor authentication to secure information since getting a Fitbit in 2018. They still haven’t done it. Time to find something better I guess.

SunsetRunner
Not applicable

Yeah. Voted with my feet. Bye Fitbit. That reminds me, must delete my account.