+ Add Question

Will Todoist Support Two-Factor Auth?


All responses

Clyde Romo  staff
Replied on Jun 05, 2014 - 09:10 UTC

Hi Rick,

First of all, we take security really seriously. As for Two-Factor Auth, I have passed this to our developers and we'll get back to you with an update. :-)



Andreas N.  premium
Replied on Aug 08, 2014 - 06:16 UTC

Any updates for this topic?

Clyde Romo  staff
Replied on Aug 08, 2014 - 08:43 UTC

Hi Andreas,

We don't have a specific thing yet to announce but it's something we're discussing internally. Once we have something more concrete, we'll definitely let you know.


Michael Repetto  premium
Replied on Nov 19, 2014 - 19:45 UTC

I would like to see this feature! Any updates?

Matthew Temple  premium
Replied on Nov 20, 2014 - 07:30 UTC

This is something I would love to see.

I would be whiling to add some more sensitive information in note and will save me a lot of time.

gregory.krasutski  premium
Replied on Nov 21, 2014 - 05:02 UTC

You can already use two-step auth with Todoist.

1. Enable two-step auth for your Google account
2. Use your Google account to log in Todoist.

Anyway, +1 for native two-step auth support for those who don't have Google account.

Christoph Schaefers
Replied on Nov 21, 2014 - 09:04 UTC

+1 (+1)

William Budge  premium
Replied on Dec 13, 2014 - 19:28 UTC

I would like to see 2 factor authentication also. Toodledo has it.

Will Bennett  premium
Replied on Jun 05, 2015 - 13:25 UTC

Count me in on the Two-Step Authentication request as well! What a great system you have btw.

Jared Cooperband  premium
Replied on Jun 18, 2015 - 09:04 UTC

This is very important to me. +1

Michael Repetto  premium
Replied on Jun 27, 2015 - 16:18 UTC


Wallace Rosa  premium
Replied on Jul 11, 2015 - 19:04 UTC

Today, is essential!


Aidan Knowles  premium
Replied on Jul 13, 2015 - 09:29 UTC


Please add this feature - it is a crucial component for any cloud service.

Manuel Kreutz  premium
Replied on Jul 16, 2015 - 05:58 UTC

+1 please :)

Ahti Kitsik  premium
Replied on Aug 19, 2015 - 11:09 UTC

For two-factor auth it would be truly awesome if it would support the new U2F standard so I could use yubikey hardware token.

As far as I know yubikey devices are also what Facebook and Google use internally at least to some extent. But any FIDO U2F authentication method would work (including Google Authenticator app).

I really hope that two-factor auth comes to todoist very soon (and with U2F support ;), it's really important piece of protection these days!

LG  premium
Replied on Aug 31, 2015 - 05:47 UTC

+1 (+1)

Jonathan Holdsworth  premium
Replied on Sep 10, 2015 - 14:47 UTC

any updates guys? its been a year since you said you passed it on to your tech guys. Losing hope here :(

Galina Skovorodnikova  staff
Replied on Sep 10, 2015 - 15:04 UTC

Hi Jonathan,

It's on our plan, though it make take a few more months.


Jonathan Holdsworth  premium
Replied on Sep 10, 2015 - 16:00 UTC

Wow Galina! thank you so much for the promp reply :)

thanks for the update

Aidan Knowles  premium
Replied on Sep 10, 2015 - 16:03 UTC

Thanks Galina,

2FA is very important in establishing and strengthening the trust between a user and a cloud service like Todoist.

Looking forward to seeing this implement asap.

In the meantime, Todoist is in the process of being added to the Two Factor watch list @ https://twofactorauth.org/

Frédéric Harper  premium
Replied on Sep 24, 2015 - 21:15 UTC


Ed Morley  premium
Replied on Oct 06, 2015 - 18:37 UTC

Adding Google Authenticator style two factor authentication is actually much easier than one would think. An additional column needs to be added to the user table containing the user secret - and some UI for enrolling/login - but other than that, most languages have libraries available to do all of the rest of the work. As such support (excl UI) can normally be added in a few dozen lines at most.

Fwiw todoist is now listed as a "does not support 2FA" on https://twofactorauth.org/

Ed Morley  premium
Replied on Oct 06, 2015 - 18:38 UTC

This question is also probably best moved to the web section.