Add Two Factor Authentication and other login options


#1

Hello

It would be great and more secure if you can enable tow factor authentication in your app. Also login only with your phone number some times can’t be possible. The app has to have an second option to login(ex. email and password) when you can’t get the sms message with the login code.


#2

Revolut already has two factor authentication implemented. The sms code you receive on your phone is the second factor, because you have to be in possession of the phone. The login code is the first factor.

But I agree that Revolut could be more secure. Sms is no longer considered secure enough for two factor authentication, so alternative methods should be explored.


#3

Totally agree. Revolut is becoming more and more important for me and SMS just doesn’t cut it anymore.


#4

I’d love to see an alternative to SMS. Not only is it insecure (plain text), but also it ties login to a single device. It’s less relevant in non-mobile scenarios too, i.e. Revolut Business (which currently sends a code via e-mail)

Would prefer to see Google Authenticator, Authy, or some other generally accepted integrated.


#5

I think I read somewhere that they have 2FA in the roadmaps for Revolut for Business, too many people complained about that email code thing.
Google Authenticator & Authy use the same standard I believe.


#6

Well, they have to come up with something else when PSD2 rolls out anyway.


#7

Not sure that’s related. From what I understood it will be all about APIs and such, so people will grant authorization and some other app/website (AISP) which will then have access to their account through the API (which will now be standard).
The login process (web or in-app) for banks will probably still be up to each bank, I don’t think PSD2 defines this in any way.

I’m guessing the governments will also have better access to real-time data about transfers…


#8

Strong 2 factor authentication for account access is part of it.


#9

I wasn’t aware of it, thanks!
Password + code by email probably is considered as 2FA, not sure about strong though :smiley:

We’ll see :slight_smile: