Log In  
Ask about your listing

Secure two-factor-authentication

‎12-09-2021 01:23 PM
Paul7667
Level 2
Edinburgh, United Kingdom
‎12-09-2021 01:23 PM

Secure two-factor-authentication

Please let me keep my account secure with a proper 2FA method.

 

What I can see in my account and why it's not good
1) Phone number - Can be spoofed or sim-swapped. Also possible to be stuck with no signal or broken SIM card.
2) PIN - static, basically no different from a longer password
3) Questions - static, basically no different from a longer password

 

What I would want
1) App to verify identity that uses phone native fingerprint reader
2) TOTP, simple standard that's Google Auth compatible
3) Yubikey or other public-key-signing standard

‎12-09-2021 01:23 PM
5 Replies 5
‎16-05-2023 01:40 PM
Petar84
Level 2
Selce, Croatia
‎16-05-2023 01:40 PM

it looks like the world is moving forward and AirBnb backward with features. Everyone is adopting at least TOTP for security 2FA, and even rolling our passkey features.

While we are stuck here with pin and questions, I don't even see the point of them whenever you want to change something they require a code from the phone.

 

hopefully, we get at at least TOTP soon

‎16-05-2023 01:40 PM
‎17-07-2024 02:01 AM
Andrew3532
Level 2
Reston, VA
In response to Petar84
‎17-07-2024 02:01 AM

Yep,  SMS can be intercepted ("smishing" or MITM atttacks) and is no longer considered secure. 

And acording to the current help, 2FA is only available to hosts in EU. 

 No authentication app or FIDO2 key support.

These are the most trusted, modern security methods. 

It does raise concern about how thoroughly the data centers are hardened against a massive global data breach that targets all of the company's assets, not just ours.

‎17-07-2024 02:01 AM
‎22-11-2024 06:31 PM
Katie1750
Level 1
‎22-11-2024 06:31 PM

Sad that this post is from three years ago and they have still not added this feature in the US. I have been removing my payment information from websites that do not have a secure 2FA login method, might have to do the same with Air bnb soon.

‎22-11-2024 06:31 PM
11 hours ago
Angela630
Level 3
Kouchibouguac, Canada
11 hours ago

for the love of God yes!!! 

 

now in Canada AirBnB wants us to input our social insurance numbers and accounts are not protected with MFA. Disgraceful. 

11 hours ago
0 Likes
10 hours ago
Helen3
Top Contributor
Bristol, United Kingdom
In response to Angela630
10 hours ago

Probably for the same reason as they have in the UK to ensure those selling goods or services online declare their income @Angela630 

 

Our government introduced Distance Selling Regulations this year which mandated that online businesses has to collect this information.

10 hours ago
0 Likes

More from Ask about your listing

Explore Resource Center articles