Hi Replit team,
We are currently running a production SaaS application on Replit, and one of the biggest blockers for us to confidently scale and go fully live is account-level security.
At the moment, authentication and authorization are primarily focused on the application level. However, the Replit account itself represents a single point of failure.
If a Replit account is compromised, an attacker could:
- Delete or modify production projects
- Access sensitive environment variables and secrets
- Shut down live services
- Potentially cause irreversible data loss
For a SaaS product handling user data and payments, this is a critical operational and legal risk.
What we are missing
We would strongly benefit from additional authentication layers on the Replit account itself, such as:
- Mandatory or enforced multi-factor authentication (MFA / 2FA)
- Account-level security controls independent from project auth
- Clear recovery and access-restriction mechanisms
Why this matters
Many Replit users are now:
- Running live production systems
- Handling personal data (GDPR / privacy regulations)
- Processing payments and subscriptions
In this context, account-level security is no longer a “nice to have”, but a baseline requirement to safely operate on Replit as a platform.
Summary
Adding stronger AUTH at the Replit account level would:
- Reduce catastrophic risk for production users
- Increase trust in Replit as a serious hosting platform
- Enable more SaaS founders to confidently launch and scale on Replit
We really enjoy building on Replit, but this is one of the last remaining blockers for us to feel fully safe running production workloads.
Thanks for considering this request.
—
A SaaS founder running production on Replit