We've added support for more authenticator apps, along with security keys and biometric authentication.With this change, all SMS multi-factor authentication (MFA) has been retired (note: current Authy users will be able to use any authenticator app, not just Authy).
In brief, all users will need to set up one of the following MFA options:
Following the initial setup and upon your next log-in, you will have to use either an authenticator app, security key, or biometric authentication moving forward.
Text messages are sent or received using a phone number tied to a SIM card. SIM cards can be targeted by malicious actors using a method known as “SIM-jacking” or “SIM-swapping”. A SIM-jacking attack occurs when an unauthorized third party tricks the telecom provider into switching the victim’s phone number onto a SIM card that the attacker controls. If the attacker managed to obtain a victim’s password, they would have all the necessary components to compromise the victim’s account. Cybersecurity experts agree that SMS is the least secure MFA method.
Universally, cybersecurity experts concede that using an authenticator app or security key as a MFA method are the most secure.
Authenticator apps and security keys are not susceptible to SIM-jacking attacks that can compromise SMS text messages.
With an authenticator app, the MFA codes are generated on the device itself and change every 30 or 60 seconds. This means an attacker will need to have physical access to a person’s device to be able to obtain the MFA codes. To make this setup even more secure, many authenticator apps can enable an additional passcode that is required to open the app such that even if someone steals the device, they are unable to unlock the app without the passcode.
A security key is even more secure as an unauthorized party cannot gain access to the encrypted passcode provided by the security key without physical access to the security key.
To further strengthen your security, we recommend enabling biometric authentication if your device supports it. Biometric authentication is a method of verifying a person's identity based on their unique physical traits. Examples include fingerprint scanning, facial structure scanning, iris scanning, or voice pattern recognition to authenticate. This is different from traditional forms of authentication, such as passwords or PINs, which can be lost, stolen, or easily guessed. The idea is to use something unique to the individual, and therefore difficult to forge, to confirm their identity.
Most modern smartphones will support at least one method of biometric authentication, whether it is a built-in fingerprint scanner or a front-facing camera system that supports facial recognition.
We recommend that you enable biometric authentication if possible. Cybersecurity experts acknowledge that it is an excellent way to protect sensitive information and prevent unauthorized access.
Closing: All in all, providing additional options for MFA methods gives you the power to choose what suits your needs while maintaining the highest level of security.
If you haven’t already, click here to log in and set up your preferred MFA method right now!
As a reminder, please use vigilance when you receive emails that claim to be from Newton.
Here at Newton, security is a top priority. Remember to always feel free to reach out to our fantastic customer support team if you ever have any questions surrounding this security update or using any Newton product or feature!