Multi-factor auth

Tim-in-CA · Jun 5, 2025

dleepnw said:
MFA better be optional. Not sure how this is being implemented but I can see issues with this if we have problems with coverage, connectivity, software glitch, phone/watch dead/broken, etc.

Yes. It is optional and you can keep it off. I plan to keep it disabled as well

CANCERDOC · Jun 5, 2025

So how do you valet the vehicle or leave it at the service center for work to be done? What if the owner forgets to turn off MFA? Is the car undrivable? This feature seems very poorly planned out.

2kwik4u · Jun 6, 2025

Tim-in-CA said:
I wonder if customer service has the ability to remotely override for those that get into this situation?

Sooooo...... Still requires a phone. Maybe not yours that had died/lost, but a phone call none the less. Likely doesn't help an out of service range issue.

Personally, I think the BT pairing of the fob was a step too far in the security/usability balance game. MFA is just absurdly further in the wrong direction. I'm glad I can disable it, and generally think it's wasted efforts from the software team. Especially considering there are bigger fish to fry on the software front.

DuoRivian · Jun 6, 2025

2kwik4u said:
Sooooo...... Still requires a phone. Maybe not yours that had died/lost, but a phone call none the less. Likely doesn't help an out of service range issue.

Personally, I think the BT pairing of the fob was a step too far in the security/usability balance game. MFA is just absurdly further in the wrong direction. I'm glad I can disable it, and generally think it's wasted efforts from the software team. Especially considering there are bigger fish to fry on the software front.

They have added nearly all the features people have asked for over the years. Some speed improvements, general bug fixes but not much more to add as new features.

tate16t · Jun 6, 2025

Tim-in-CA said:
I wonder if customer service has the ability to remotely override for those that get into this situation?

Organizations provide an override if you meet various conditions to verify your identity or a self service reset portal. You can also setup multiple devices, your spouses phone for example. All these require a mobile device to call/text someone to disable MFD or reset. The MFA risks we talk about exist for many organizations today.

The easiest workaround is to have someone with another configured device disable MFD and use your keycard which most of us carry anyway. But, you need to contact them

mkhuffman · Jun 6, 2025

I just turned it on in my truck. No experience using it yet, so holding my breath.

tate16t · Jun 6, 2025

I tried it just now and it works well. With your phone locked you’ll get a push notification. If you press and hold that notification, a pop-up will appear to allow or deny. No need to unlock your phone, if you have biometrics enabled.

2kwik4u · Jun 6, 2025

DuoRivian said:
They have added nearly all the features people have asked for over the years. Some speed improvements, general bug fixes but not much more to add as new features.

I think there's a general consensus that bug fixes and performance improvements could be focused on tighter as compared to new features for things like MFA to drive (which will have low acceptance as evidenced by the reactions here).

2kwik4u · Jun 6, 2025

tate16t said:
The easiest workaround is to have someone with another configured device disable MFD and use your keycard which most of us carry anyway. But, you need to contact them

SO, if you don't have cell service, you can't use JUST the keycard to get in and drive IF MFA is active?

This sounds like an easy way to casually forget, drive off grid, then be stuck.

tate16t · Jun 6, 2025

2kwik4u said:
SO, if you don't have cell service, you can't use JUST the keycard to get in and drive IF MFA is active?

This sounds like an easy way to casually forget, drive off grid, then be stuck.

No, someone else with an enabled device turns MFD off and then use your key card or fob to start the vehicle.

Your keyfob and card are both MFD enabled as well so it needs to be turned off.

Dark-Fx · Jun 6, 2025

mikehmb said:
But ... has no one ever dealt with a lost or dead phone before? I carry a key card in my wallet (when I bring my wallet) for backup in the event phone goes missing.

Keep a second emergency phone in the vehicle with the ability to generate the TOTP? Bonus is that you can still dial 911 with a phone that's not activated. C'mon security guy, think a little

RivAW · Jun 6, 2025

mikehmb said:
Ok, through a series of questionable life and career decisions, I'm a security person, by choice. You can decide if it was a good or bad choice, but I have less hair and a twitch in my left eye after many years of this stuff.

I'm intrigued by MFA in the truck's new SW update. It's a clever implementation, and I'm sure it will prevent all sorts of bad behavior, theft, and bring peace of mind to the paranoid among us.

But ... has no one ever dealt with a lost or dead phone before? I carry a key card in my wallet (when I bring my wallet) for backup in the event phone goes missing.

What was wrong with PIN? I would really like that as an option, despite the obvious security shortcomings of a simple 4 or 6 digit code.

What's the backup retrieval / startup method if your phone is dead/gone?

The update notes say you can access a time-based passcode on your phone as a backup.....which entirely disregards the point that if you aren't using your phone, it's likely because its lost or dead

2kwik4u · Jun 6, 2025

tate16t said:
No, someone else with an enabled device turns MFD off and then use your key card or fob to start the vehicle.

Your keyfob and card are both MFD enabled as well so it needs to be turned off.

Appreciate the clarification. Sounds like a continued issue if you're not in cell service range. How else do you contact the other person with an enabled device to disable MFA?

I know "out of range" seems like a somewhat foreign concept in todays "always connected" world, but I think with this vehicle in particular, it will be more common than say an Audi, or a Hyundai. I know a good portion of my weekends are either at the boat ramp or the ski resort. Both of which have little/no service, and are places I leave the vehicle unattended for long periods of time with little security around it. So this "feels" like more of a miss than a hit for me if security is really the goal. If the goal is just to say "we're the only ones that have this tech", then maybe it's a marketing win for Rivian as a whole. I'm also sure there are some who will use it, and like it, and think it's a value add for the truck.

elatrickWheels · Jun 6, 2025

DuoRivian said:
They have added nearly all the features people have asked for over the years. Some speed improvements, general bug fixes but not much more to add as new features.

Well, it would be nice to have text integration.

Noplacelikeloam · Jun 6, 2025

Given the multiple threads blowing up over this (Reddit, here, FB) I assume next update will be a better version? This one seems like a ball dropped.

Multi-factor auth

Tim-in-CA

Well-Known Member

CANCERDOC

Well-Known Member

2kwik4u

Well-Known Member

DuoRivian

Well-Known Member

tate16t

Well-Known Member

mkhuffman

Well-Known Member

tate16t

Well-Known Member

2kwik4u

Well-Known Member

2kwik4u

Well-Known Member

tate16t

Well-Known Member

Dark-Fx

Well-Known Member

RivAW

Well-Known Member

2kwik4u

Well-Known Member

elatrickWheels

Well-Known Member

Noplacelikeloam

Well-Known Member

Similar threads