MFA rating

[ghost]

Hi, Could we start working on a new Ranking chart, based on the list of Providers?

Rating on different cretiria such as:

• API Implementation difficulty
• Security level
• Pricing
• Supported Functionality(Geofencing, Multi-Device per account, etc...)

I don't think such a list exists and it'd be a good project that i'd like to take part of.

[Carlgo11]

No. We don't have that kind of information on the existing providers. That would mean we'd have to try and test out every single TFA provider that makes a PR to us.

[ghost]

I can provide the info for 1 provider, then for the rest we could contact them through email and request they provide the information. I don't think it's too much of hassle.

[ghost]

Again, not talking about testing and pentesting but rather crafting a chart of General knowledge items(Such as pricing, functionalites, simplicity etc) and when we reach the rest we can contact the companies.

[Carlgo11]

Okay, well I don't think any collaborator is willing to do this extra work that you're requesting. If you're willing to contact the existing ~45 TFA providers and gather this information as well as rate their API implementation difficulty then we'll do a vote on it. Until then I'll keep this ticket closed.

[ghost]

You're creating a list of sites that should implement TFA. Then you've added the list of TFA providers. Maybe if we had a chart we could make the job easier for everyone by showing them all the information in one place?

'I'm a game developer looking for TFA, here's a list for you to choose from...' That's good! But how about making it a step further providing extra information for each provider? rather than having to click each one?

I think it'll make a great list(and the first of its kind i believe) so maybe its worth taking few extra hours to complete or at the very least vote upon? I'm very willing to help gather the information, 3 people each gets 15 providers to research. we can finish it all by the end of the week.

At least, that's how i see it.

[mxxcon]

How do you define "API Implementation difficulty" and "Security level"? Many if not most providers have "Contact Us" for prices. If they don't list it on their website, they won't tell it to us. And those that do have many various pricing schemes. Making a meaning full chart will be very difficult. "Supported Functionality" will be a never-ending list with each provider claiming to one-up the other one.

[ghost]

@mxxcon First off let me start by saying i opened this request for a debate, as a provider my opinion is abit buyset so i'll much rather collaborate than "dictate" what should be in that chart. We can rephrase, remove/add points for the rating based on what we(all of us) think is most important for developers.

So for example, my thoughts were on directing our Ranking system to specificly API solution. Since most of the other solutions are based on the API, it makes sense we check the root.

So by "API implem.. dif..." - i ment if there's an easy documentation, easy to implement, any examples? this kind of stuff.

Then there's the issue of "Pricing", and you're right. That's why i thought each of us gets 15 providers and in 15min copy paste our questions to their contact us. Those who answer - Great. Those who don't - They will eventually.

But since we're using the API as our Point of ranking, our Pricing plan can be directed at the smallest(Which i believe usually free) to the second. e.g: 100 users = free, 150 users = $$ So at the Column title it could say(based on our findings ofcourse) Pricing Avg. "100" Users.

Many SaaS providers work this way, so i figured we could use that template.

The last thing is Supported functionality. It doesn't have to be a never-ending list, We can see if more and more companies support special functionalitys and based on the findings we include a "+5" or "+10" when we add a small note saying what those are. Again, i can use myself as a template for those features and using those we could start building our lists of pretty much EVERYTHING.

[ghost]

shit. this was alot shorter in my head. This is rather simple, i recommend making a template Excel(based solely on what i know) and give it to those willing to help. Then each with his target providers adds/Edits the excel and when we hit the threshold can sum up our data. It might seem complicated but honestly i think it's few hours tops.

[ghost]

by "based solely on what i know" what i mean is: i can't know every feature of every company. If 1 has a feature that none of the others have it's not worth mentioning. If 2 has a feature that isn't in the list i created then it needs to be added. That kind of deal.