Secure two-factor-authentication

Paul7667
Level 2
Edinburgh, United Kingdom

Please let me keep my account secure with a proper 2FA method.

 

What I can see in my account and why it's not good
1) Phone number - Can be spoofed or sim-swapped. Also possible to be stuck with no signal or broken SIM card.
2) PIN - static, basically no different from a longer password
3) Questions - static, basically no different from a longer password

 

What I would want
1) App to verify identity that uses phone native fingerprint reader
2) TOTP, simple standard that's Google Auth compatible
3) Yubikey or other public-key-signing standard

Petar84
Level 2
Selce, Croatia

It looks like the world is moving forward and Airbnb backward with features. Everyone is adopting at least TOTP for security 2FA, and even rolling out passkey features.

While we are stuck here with PIN and questions, I don't even see the point of them; whenever you want to change something, they require a code from the phone.

Hopefully, we get at least TOTP soon.

Yep, SMS can be intercepted ("smishing" or MITM attacks) and is no longer considered secure.

And according to the current help, 2FA is only available to hosts in the EU.

No authentication app or FIDO2 key support.

These are the most trusted, modern security methods. 

It does raise concern about how thoroughly the data centers are hardened against a massive global data breach that targets all of the company's assets, not just ours.