Introducing Authy Push

From day one, Gemini has required 2FA using the Authy service for all accounts. Starting on March 13, 2018 we will be enabling a new Authy feature for added security while performing sensitive transactions: Authy push notifications. Sessions vs transactions Most consumer-grade authentication systems operate at the level of sessions. Users provide their credentials — which may involve multiple factors such as a password in conjunction with a short-lived, one-time passcode. This initial step creates an authenticated “session” lasting for a fixed duration (e.g., one hour). During this time, users are allowed to browse around the site and use various […]

Better Two-Factor Authentication (2FA)

We have required all of our customers to use two-factor authentication (2FA) from day one. In keeping with our security-first philosophy of protecting and educating our customers, we want to provide some background on our 2FA system to encourage our customers to use the Authy app for 2FA rather than SMS, and to dispel some common misconceptions. About Authy Gemini uses the Authy service for 2FA. Authy is an independent cloud service called on to perform secondary verification once we have checked that a customer has provided correct login credentials (i.e., email and password). Authy offers multiple options for second-factor […]