![]() ![]() We’re doing this to prevent would-be attackers from circumventing the security of the Authy app by falling back to SMS. However, once you have Authy installed, you will no longer be able to request codes via SMS. Customers may have unique requirements which rule out the Authy mobile app, so we will continue to support SMS. We believe that switching to the Authy app will improve security without any downside to usability for nearly all customers, as discussed below.Īt the same time, we recognize there is no one-size-fits-all solution. We are now actively encouraging all of our customers to install the Authy app. However, in recent interactions with customers, the Gemini support team reached the conclusion that many customers were either not aware of the Authy mobile app, incorrectly viewed SMS as equivalently secure to the Authy app, or were interested in other alternative TOTP apps. ![]() Gemini has always supported SMS and mobile app options for 2FA. ![]() OneTouch further improves usability by avoiding the need to transcribe digits from one device to another, but (unlike TOTP) it does require a data connection. TOTP apps can work offline, even if the phone itself has no service (e.g., when a user is outside a service area). TOTP codes generated using an app do not require internet connectivity. Voice codes further improve accessibility by allowing codes to be sent to landlines or heard by users who have difficulty with visual information. SMS is simple and can work on any mobile phone including legacy flip-phones that are not “smart” and don’t have an application ecosystem. Instead users confirm a login by responding to a simple yes/no prompt.Įach of these options comes with different tradeoffs.
0 Comments
Leave a Reply. |