SMS/Text Two-Factor Authentication

  • 1
  • 24
  • Idea
  • Updated 1 month ago
When will ring central be going to a more secure Two Factor Authentication method that uses SMS as the authentication code endpoint?  With a number of email accounts being subjected to numerous phishing scams, sending codes to an email address is a far less secure method then sending codes via SMS/Texting.   Plus it is faster method then email or a phone call
Photo of Erik Eckert

Erik Eckert

  • 334 Points 250 badge 2x thumb
  • this is critically needed

Posted 2 years ago

  • 1
  • 24
Photo of Brandon

Brandon, Champion

  • 25,004 Points 20k badge 2x thumb
Agreed and voted.   Google and Facebook, etc. would be good MFA's as well.
Photo of J.B. Ferguson

J.B. Ferguson, Champion

  • 38,002 Points 20k badge 2x thumb
Even better yet would be an authenticator app, like Google Authenticator. With that app I never have to wait for a text, or email or phone call (all which are less secure than a number changing randomly every minute in an authenticator.)
Photo of Erik Eckert

Erik Eckert

  • 334 Points 250 badge 2x thumb
I agree with the Google Authenticator but not everyone has it and that requires you to install it, set it up and so on.  SMS is just a little easier yet still secure.  Oh and those number expire in SMS as well so you have to be timely when you get them.   And text is generally fast.
(Edited)
Photo of J.B. Ferguson

J.B. Ferguson, Champion

  • 38,002 Points 20k badge 2x thumb
It's available free of charge on both iOS and Android platforms. It takes less than one minute to install and if the user was able to install RingCentral Mobile app (or virtually any mobile app) Google Authenticator is just as easy. It is also more secure because SMS text messages, which are sent and stored on servers in plain text, can be intercepted during transit.
Photo of Erik Eckert

Erik Eckert

  • 334 Points 250 badge 2x thumb
I agree and use it daily but I am trying to make my users experience easier and faster.   But for us, we lock our employees mobile devices down so the users are limited.   I think they should offer both to be honest.  
Photo of J.B. Ferguson

J.B. Ferguson, Champion

  • 38,002 Points 20k badge 2x thumb
Agree...that would be the best way. Most apps using two-way authentication offer three ways (phone, SMS and Authenticator).
Photo of Daniel Siefert

Daniel Siefert

  • 408 Points 250 badge 2x thumb
Getting codes via SMS for 2 factor authentication is being discouraged by the security community. Here's some examples: https://krebsonsecurity.com/tag/2fa/ I would stick to apps like Authy/Google Authenticator and a FIDO based physical key like yubikey or Google's Titan key.
ANY kind of MFA beyond email would be security hardening, plus +1 for TOTP.
Photo of BetterCoffee

BetterCoffee

  • 426 Points 250 badge 2x thumb
Adding my vote to this. Any sort of TOTP would be a start.  FIDO2 would be awesome.
Photo of Mike Deliberto

Mike Deliberto

  • 102 Points 100 badge 2x thumb
This is a 2 year old idea. Anyone from Ringcental going to speak to implementation plans?
Photo of Jessica - Community Moderator

Jessica - Community Moderator, Official Rep

  • 13,284 Points 10k badge 2x thumb
Hi Mike, 

We haven't heard anything about this from the product team as far as if/when this may become available. 
Photo of Mike Gustavson

Mike Gustavson

  • 1,626 Points 1k badge 2x thumb
Jessica, can you ask them for an update? As this is a security piece, it would be nice to see it not sit on the backburner for years.
Photo of Becky - Community Support

Becky - Community Support, Official Rep

  • 3,286 Points 3k badge 2x thumb
Mike, we're following up with Product and we'll share with you when we hear back. 
Photo of Mike Deliberto

Mike Deliberto

  • 102 Points 100 badge 2x thumb
Thanks Becky & Jessica. Keep us posted.
Photo of Jessica - Community Moderator

Jessica - Community Moderator, Official Rep

  • 13,284 Points 10k badge 2x thumb
Product does not have any updates yet, this currently is not on the roadmap. If that changes, we will let you know. 
Photo of MG

MG

  • 114 Points 100 badge 2x thumb
Having an IT security background, it is baffling that RC as a leader in cloud VolP would not make this a top priority. That's unfortunate for a company of this size!  I would like to see a method where you enter a verification code or an approval notification. Having MFA/2FA is standard practice and it would behoove RC from a competitive perspective to get moving on this! Appreciate the update but please get this on the "roadmap"!

Photo of Mike Deliberto

Mike Deliberto

  • 102 Points 100 badge 2x thumb
I've been trying to get ahold of my account rep for 3-4 weeks, this does not surprise me
Photo of Daniel Siefert

Daniel Siefert

  • 408 Points 250 badge 2x thumb
A first step to implementing this that would work for me is an option to force my users to login to RingCentral via their Google Account or Microsoft Account disabling the ability to login with a RingCentral password (with the exception of the super admin).  This way I can leverage the 2FA and password strictness available through those accounts.
Photo of MG

MG

  • 114 Points 100 badge 2x thumb
This should be a priority for RC! It's so easy to compromise RC accounts, not sure why RC is dragging their feet on this!
Photo of Keith Hollar

Keith Hollar

  • 164 Points 100 badge 2x thumb
This is definitely something that we would like to have the option to use, especially an app like Microsoft or Google Authenticator.
Photo of NetTech

NetTech

  • 106 Points 100 badge 2x thumb
I agree, please put priority on this security upgrade!
Photo of BetterCoffee

BetterCoffee

  • 426 Points 250 badge 2x thumb
Given the recent focus on security of platform like zoom, and high profile Business Email Compromise scams and losses, I think RC would be well-served to be seen as addressing this kind of improved system security.