SMS/Text Two-Factor Authentication

  • 0
  • 11
  • Idea
  • Updated 1 month ago
When will ring central be going to a more secure Two Factor Authentication method that uses SMS as the authentication code endpoint?  With a number of email accounts being subjected to numerous phishing scams, sending codes to an email address is a far less secure method then sending codes via SMS/Texting.   Plus it is faster method then email or a phone call
Photo of Erik Eckert

Erik Eckert

  • 224 Points 100 badge 2x thumb
  • this is critically needed

Posted 2 years ago

  • 0
  • 11
Photo of Brandon

Brandon, Champion

  • 24,596 Points 20k badge 2x thumb
Agreed and voted.   Google and Facebook, etc. would be good MFA's as well.
Photo of J.B. Ferguson

J.B. Ferguson, Champion

  • 36,958 Points 20k badge 2x thumb
Even better yet would be an authenticator app, like Google Authenticator. With that app I never have to wait for a text, or email or phone call (all which are less secure than a number changing randomly every minute in an authenticator.)
Photo of Erik Eckert

Erik Eckert

  • 224 Points 100 badge 2x thumb
I agree with the Google Authenticator but not everyone has it and that requires you to install it, set it up and so on.  SMS is just a little easier yet still secure.  Oh and those number expire in SMS as well so you have to be timely when you get them.   And text is generally fast.
(Edited)
Photo of J.B. Ferguson

J.B. Ferguson, Champion

  • 36,636 Points 20k badge 2x thumb
It's available free of charge on both iOS and Android platforms. It takes less than one minute to install and if the user was able to install RingCentral Mobile app (or virtually any mobile app) Google Authenticator is just as easy. It is also more secure because SMS text messages, which are sent and stored on servers in plain text, can be intercepted during transit.
Photo of Erik Eckert

Erik Eckert

  • 224 Points 100 badge 2x thumb
I agree and use it daily but I am trying to make my users experience easier and faster.   But for us, we lock our employees mobile devices down so the users are limited.   I think they should offer both to be honest.  
Photo of J.B. Ferguson

J.B. Ferguson, Champion

  • 36,636 Points 20k badge 2x thumb
Agree...that would be the best way. Most apps using two-way authentication offer three ways (phone, SMS and Authenticator).
Photo of Daniel Siefert

Daniel Siefert

  • 318 Points 250 badge 2x thumb
Getting codes via SMS for 2 factor authentication is being discouraged by the security community. Here's some examples: https://krebsonsecurity.com/tag/2fa/ I would stick to apps like Authy/Google Authenticator and a FIDO based physical key like yubikey or Google's Titan key.
ANY kind of MFA beyond email would be security hardening, plus +1 for TOTP.
Photo of BetterCoffee

BetterCoffee

  • 188 Points 100 badge 2x thumb
Adding my vote to this. Any sort of TOTP would be a start.  FIDO2 would be awesome.