Revolut for Business - Better Two-Factor-Authentication (2FA)


#1

So far Revolut for Business (R4B) has not been a good experience for me.

One of those annoyances is having to constantly go to and fro with my email to get the access code to login.

I am used to that workflow when signing-up or activating new accounts, or like with my existing business banking, using a one-time-passcode (OTP) to setup a new payment recipient.

Within my first day of use I had over a dozen of these codes.

Suggestions

1). Use Authy; this is available on phone and desktop
2). Use Google Authenticator
3). Use the existing @RevolutApp as an authenticator for R4B; merely login to authenticate or be old school and provide the code via the app (not so annoying with Apple Continuity i.e. shared clipboard)

On this last suggestion, take iCloud as an example: when you try to login via an unrecognised device, one needs to authorise that device. All other recognised devices are prompted to authorise the new one i.e. with a ‘Don’t Allow’ or ‘Allow’ popup; on selecting ‘Allow’, you are presented with a code that is then entered into the unrecognised device. Voilà, Bob’s your uncle.

Or even flip that around: if RevolutApp had a setting to enable R4B authentication - and merely logging in when prompted is not enough, considering this requires RevolutApp’s pin or TouchID - then present a passcode from the R4B login wizard that must be entered into the RevolutApp

:thinking: Why not require all R4B company directors, beneficiaries, employees, users to have RevolutApp? What’s the hardship, assuming this is not the case already (coincidence or otherwise)?


Revolut for Business :office:
#2

I am totally in agreement with @DboRevolut that we need better 2FA but would like us to have a standard system like Google Authenticator because that standard is used by other authenticator style apps too. Also I would like the option of turning of 2FA for a day if I feel that my computer is secure.


#3

Yes amen to this - I’m so frustrated wanting to login and having to wait on an email to come through. I generally use Google Authenticator for 2FA and would prefer that for Revolut Business.


#4

Support for 2FA with U2F tokens such as the Yubico ones would be very nice as well.


#5

@DboRevolut Please can you change the category of this post to the newly created https://community.revolut.com/c/revolut-for-business ? Thanks!


#6

Hi Daniel,

Google Authenticator is not the standard, it is merely an app that implements a security protocol, specifically HMAC-/Time-based One Time Passcode.

I abandoned Google Authenticator a long time ago in favour of Authy, which has more useful features.

That said, there is a companion Revolut app so there is a quick win opportunity - would be awesome if Revolut implemented SQRL.


#7

OK. OK. OK. It’s not a standard in a W3C/IETF sense. Agreed. In fact I use LastPass Authenticator.


#8

Please @andriusb please can we at least extend the timeout on being logged in. 10 minutes is far too little. Please make it at least 30 mins. It’s very frustrating to have to keep loggin back in just to send or receive a message.

And what makes me really upset is writing a long message and pressing send and then nothing happens because I’ve been logged out but the interface has not told me this AND I lose my message!

Please fix both of these issues: extended login timeout and inform user when logged out!

Cheers Daniel


#9

thanks! noted and goes straight to Trello


#10

I agree with @DboRevolut: the current 2FA system is very annoying. Have you planned to support Google Auth and/or U2F keys ?


#11

Hi @jle - thanks for the feedback, we’re aware of the issue and working to fix it.

James