I would like to see non-SMS two-factor authentication (2FA), i.e. Google Authenticator, Symantec VIP, etc. I travel a lot and often swap out SIM cards, so the current system is very user unfriendly. Also, text message 2FA is less secure. Why does Revolut not offer leading-edge security and convenience?
I’d say it’s for the sake of convenience.
If people are having issues realising they need to keep their number + SIM if they want to log in, imagine making them realize they have to keep another app installed 24/7 that cannot be as easily switched as a SIM.
Why not offer both options?
I travel a LOT & cannot keep track of the different SIM cards I use.
So although I thought Revolut would be awesome at first while traveling, this silly 2FA via SMS is making me think the opposite.
Revolut, please provide the option to do the 2FA via Google Authenticator & make the world travellers’ life much easier.
Some people travel a LOT & cannot always keep the same phone number (SIM card), making this authentication mechanism really inconvenient.
Plus, there are known hacking methods for 2FA via SMS.
What’s most disappointing is the fact that my old-school bank here in Germany has a nice app that I can use to verify transactions. Totally SIM-agnostic and super secure. No need to swap SIMs and much more difficult to hack. In the meantime, you have Revolut, which bills itself as high tech, modern, cutting edge, etc., go old-school and make life difficult for travelers.
Don’t get me wrong, I would appreciate an app-based 2FA. But it is a myth that it would be “super secure”, as German IT security researchers from the University Erlangen-Nürnberg showed.
Don’t quite agree. It looks like this is a one-time flaw which can be fixed (“The cause is a vulnerability at an external service provider”).
More importantly, I believe it’s generally accepted that it’s more secure than SMS. So just because 2FA isn’t perfect, it’s still the only alternative (that I know of).
I stand by ‘super secure’ if 2FA is done correctly…
This is not the first security flaw they found, it is actually the 3rd one, after looking into photo TAN a while ago (if I remember correctly) and then N26. All three of them app TAN systems. The major concept flaw is, as the main researcher pointed out at the chaos computer congress in winter, using both the app for online banking and the TAN app on the same device. And isn’t it ironic that a piece of software that was meant to make the system more secure actually created the back door?
If you want to talk “super secure”, you need setups like TAN generators that use chip cards for example.
Don’t get me wrong, I am not against app TAN. I just don’t think it qualifies for the label “super secure”.
I’m quite concerned that my Revolut business account is using email verification which is incredibly insecure. A malicious employee could easily wait until an employee with admin access to email could easily hijack multiple users’ accounts and transfer all my savings away. Alternatively if someone is AFK for a few minutes someone could quickly log in to their computer and make themselves payments and verify using their open email account.
Would be much more secure if it used phone instead of email.