
Bitwage Launches Bitwage Authenticator in iOS and Android Apps

At Bitwage, security is our number one priority. Two-factor authentication (2FA) was developed as a layer of protection that requires an additional factor not easily obtained in the same place as the username and password. Systems like SMS 2FA, Authy and Google Authenticator were created to implement this additional layer.


However, there have recently been cases where two-factor authentication via SMS has been compromised. The US National Institute of Standards and Technology (NIST) has advised that SMS 2FA is insecure due to increased risks that SMS messages or voice calls may be intercepted or redirected.


This article describes a wide range of attacks that can be used to compromise SMS 2FA: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/


As such, SMS 2FA and Authy, which relies on SMS 2FA to recover OTP accounts, are vulnerable and not as secure as we would like.


We currently offer a TOTP (Google Authenticator) solution as an alternative to logging in via SMS. By leveraging a TOTP solution and disabling SMS login, users can protect against the SMS 2FA attack vectors. However, many users find the current TOTP options less convenient for everyday use.


This is why we are happy to announce Bitwage Authenticator, a simple yet effective TOTP workaround to SMS and Authy. When initiating a browser-based login or changing your distribution, you will receive a notification on your Bitwage iOS or Android app. Just click on the notification to open your app.





On iOS, click on the “person” icon on the top left, which will bring you to the authentication screen where you can approve or deny the request.

[Screenshots: Step 1 and Step 2 (iOS)]

On Android, click on the top right menu button and then “Authenticator”, which will bring you to the authentication screen where you can approve or deny the request.

[Screenshots: Step 1 and Step 2 (Android)]

Securely logging into Bitwage and changing distributions is now just 3 clicks or less away. No more need for typing in a code or worrying about the 30-second code refresh.





Additional Notes:

- For your security, authentication tokens expire after 30 minutes. This means you must hit approve to log in within 30 minutes of the 2FA prompt.

- If you are logging into the Bitwage App on iOS or Android, you will still need Google Authenticator or SMS. We recommend enabling Google Authenticator and disabling SMS.

- If you are not receiving notifications for logging into Bitwage, the Bitwage Authentication is still working, but you may need to re-download your application to receive notifications.

-Team Bitwage
