IN REVIEW

Please support TOTP 2FA

  • 23 January 2020
  • 2 replies
  • 233 views

SMS is not suitable for 2FA. SMS messages can show on locked devices, and SIM swap attacks can allow malicious parties access to intercept SMS messages without ever having access to your device.

 

Additionally, companies often carelessly use phone numbers as both an authentication factor and an account recovery mechanism — a setup this is actually less secure than a password and no phone number. Now I’m sure none of you currently at Mixpanel would do that, but think of your doubtless less-informed future colleagues.

 

Please support TOTP instead of (or, if you must, in addition to) SMS for 2FA.


2 replies

Userlevel 6
Badge +4

@paulbustsout we have submitted a product gap on your behalf with our product and engineering team. 

Please make sure you are subscribed to this Idea - via the Subscribe star button at the bottom of the post - to get emailed updates on its progress.

Userlevel 1
Badge

+1 from me. I’m shocked that there is no votes for this suggestion. Critical data for companies with so weak 2FA. We need something better. please consider that.

Reply


Mixpanel