Secure two-factor-authentication

Paul7667
Level 2
Edinburgh, United Kingdom

Secure two-factor-authentication

Please let me keep my account secure with a proper 2FA method.

 

What I can see in my account and why it's not good
1) Phone number - Can be spoofed or sim-swapped. Also possible to be stuck with no signal or broken SIM card.
2) PIN - static, basically no different from a longer password
3) Questions - static, basically no different from a longer password

 

What I would want
1) App to verify identity that uses phone native fingerprint reader
2) TOTP, simple standard that's Google Auth compatible
3) Yubikey or other public-key-signing standard

3 Replies 3
Petar84
Level 2
Selce, Croatia

it looks like the world is moving forward and AirBnb backward with features. Everyone is adopting at least TOTP for security 2FA, and even rolling our passkey features.

While we are stuck here with pin and questions, I don't even see the point of them whenever you want to change something they require a code from the phone.

 

hopefully, we get at at least TOTP soon

Yep,  SMS can be intercepted ("smishing" or MITM atttacks) and is no longer considered secure. 

And acording to the current help, 2FA is only available to hosts in EU. 

 No authentication app or FIDO2 key support.

These are the most trusted, modern security methods. 

It does raise concern about how thoroughly the data centers are hardened against a massive global data breach that targets all of the company's assets, not just ours.

Sad that this post is from three years ago and they have still not added this feature in the US. I have been removing my payment information from websites that do not have a secure 2FA login method, might have to do the same with Air bnb soon.