Rivian Two-Factor Authentication (2FA) Beginning Dec 13, 2024

godfodder0901 · Dec 4, 2024

HaveBlue said:
You might want to browse the dark web as password hashes are compromised by the millions due to poor server configurations and security. Don't assume that there aren't Rivian owners here with degrees in computer science. There are plenty of examples of companies losing plain text passwords and hacking stores that bypass hashes. We have no way of knowing as users on our end how business is conducted.

Coincidentally came across this morning and it is pertinent to this thread since 2fa is often sim based.
https://www.zdnet.com/article/fbi-c...essaging-apps-in-wake-of-massive-cyberattack/

I'm plenty aware of the kinds of breaches you mention. Poorly configured servers do not obviate the need for secure passwords, but highlight their usefulness.

And don't assume you're the only Rivian owner with a CS degree... ?

Electrified Outdoors · Dec 5, 2024

I’m surprised they haven’t required it before now especially since they don’t have a Pin to drive feature.

I would argue that text and email are not enough and that an authentication app the generates rolling codeis better

I have several connections I use DIMO, ElectraFi, and Recurrent though I have a special account just for that in case there is a polling issue. Also more secure than using the owner acct..

SwampNut · Dec 5, 2024

godfodder0901 said:
And don't assume you're the only Rivian owner with a CS degree... ?

Right, and/or decades of experience. Usually the noobs are the most paranoid though.

HaveBlue · Dec 5, 2024

SwampNut said:
Right, and/or decades of experience. Usually the noobs are the most paranoid though.

lol he said what I said...

fxstein · Dec 6, 2024

godfodder0901 said:
No. Many work with MFA. I have it set and still use the HA integration.

Same. Works just fine. MFA should be mandatory on any website we use. Really a no brainer.

schlosrat · Dec 6, 2024

godfodder0901 said:
I agree with your assessment right up until the point you let AI insinuate that email/SMS 2FA is less secure than no 2FA. This simply isn't true. Are there significantly better/more secure ways to implement 2FA? No doubt. But is it somehow less secure than not having it? Absolutely not.

So you agree up to the point he happened to use AI to neatly summarize all the real sources he also supplied? If he'd based his whole argument on what AI summarized for him, you'd have a fair point perhaps - but he didn't do that, did he?

godfodder0901 · Dec 6, 2024

schlosrat said:
So you agree up to the point he happened to use AI to neatly summarize all the real sources he also supplied? If he'd based his whole argument on what AI summarized for him, you'd have a fair point perhaps - but he didn't do that, did he?

Um.. Yes, he did? He also gave a biased prompt to AI in order to get the answer he wanted, instead of a correct answer... Gemini had no choice but to corroborate his false claim with the prompt "why 2fa sms is worse than no 2fa".

You know what he didn't do? Read any of the articles he referenced. They clearly state:

Do I even need two-factor authentication if SMS is so vulnerable?
Yes! In addition to creating strong passwords and using different passwords for each of your accounts, setting up 2FA is the best move you can make to secure your online accounts -- even if you insist on receiving codes via SMS. Two-step verification via SMS is better than one-step verification where a hacker needs only to obtain or guess your password in order to gain access to your data. Don't be the low-hanging fruit with an account that is the easiest target for hackers.

Second, using SMS for 2FA is much, much more secure than using no 2FA at all.

While SMS 2FA is considered a relatively secure form of 2FA, it’s not without its flaws.

schlosrat · Dec 6, 2024

godfodder0901 said:
Um.. Yes, he did? He also gave a biased prompt to AI in order to get the answer he wanted, instead of a correct answer... Gemini had no choice but to corroborate his false claim with the prompt "why 2fa sms is worse than no 2fa".

You know what he didn't do? Read any of the articles he referenced. They clearly state:

See, now this is a cogent reply. Thanks for taking the time to pull it together.

iforbes · Dec 7, 2024

Hi all,

I got the electrafi email stating that “Token Authorization Expired For Account”. I recently switched to F2A, I can no longer log in to my Rivian account from the electrafi account to get new tokens. Anyone else having this issue?

I placed a ticket with electrafi but haven’t heard anything back yet.

tate16t · Dec 7, 2024

iforbes said:
Hi all,

I got the electrafi email stating that “Token Authorization Expired For Account”. I recently switched to F2A, I can no longer log in to my Rivian account from the electrafi account to get new tokens. Anyone else having this issue?

I placed a ticket with electrafi but haven’t heard anything back yet.

Did you try disabling 2FA on the Rivian account, logging into Electrafi, and then reenabling 2FA after? The problem will be after Rivian enforces 2FA this approach will no longer work since disabling will not be an option. I’m pretty sure when I initially setup Electrafi I took this approach.

dleepnw · Dec 7, 2024

oskeei said:
Is this Rivian's way (at least) to try kill third party tools?

They've always had two-factor authentication. Do you mean they are making it mandatory?

iforbes · Dec 7, 2024

tate16t said:
Did you try disabling 2FA on the Rivian account, logging into Electrafi, and then reenabling 2FA after? The problem will be after Rivian enforces 2FA this approach will no longer work since disabling will not be an option. I’m pretty sure when I initially setup Electrafi I took this approach.

Good work-around (for now lol). I’ll try it later. I think I assumed once I went F2A, that I couldn’t go back.

tate16t · Dec 7, 2024

iforbes said:
Good work-around (for now lol). I’ll try it later. I think I assumed once I went F2A, that I couldn’t go back.

That will be the case starting Dec 13th, hurry ?

iforbes · Dec 7, 2024

tate16t said:
That will be the case starting Dec 13th, hurry ?

Hopefully electrafi updates their “get-a-new-token” script to allow for the new requirements. Sooner rather than later.

HammerFLA · Dec 9, 2024

I hate 2FA! Can someone tell me what secret info I have on my account that cant be easily found on the internet? Name, address, email, etc I have no Credit card info saved on my account!

Rivian Two-Factor Authentication (2FA) Beginning Dec 13, 2024

godfodder0901

Well-Known Member

Electrified Outdoors

Well-Known Member

SwampNut

Well-Known Member

HaveBlue

Well-Known Member

fxstein

Well-Known Member

schlosrat

Well-Known Member

godfodder0901

Well-Known Member

schlosrat

Well-Known Member

iforbes

Well-Known Member

tate16t

Well-Known Member

dleepnw

Well-Known Member

iforbes

Well-Known Member

tate16t

Well-Known Member

iforbes

Well-Known Member

HammerFLA

Active Member

Similar threads