On Sunday, January 19, 2020, 09:05:15 AM EST, Gemini Trust <[email protected]> wrote:
Gemini is continually focused on enhancing its security and providing best practices to our customers for securing their own accounts.
A recent internal security audit of your account determined that you have not disabled Authy “Multi-Device”. Multi-Device allows for multiple devices to approve an Authy push notification and is a potentially insecure setting within Authy.
We strongly encourage you to disable this feature in Authy, as it greatly reduces the risk of account takeover by increasing the effectiveness of Time-based One-Time Passwords (TOTP).
For more information on what this feature is, and how to disable it, please read below.
What is Authy “Multi-Device”?
Authy recommends that you install your Authy App on multiple devices. This ensures that you’ll maintain access to Authy, even if you lose one device. To make this process easier, Authy provides a feature called “Multi-Device” that allows you to add a new device to your Authy account using SMS. When this feature is enabled, it effectively reduces Authy TOTP authentication to SMS authentication. This setting is the default setting.
How can I disable the Authy “Multi-Device” feature?
Once you’ve added Authy to a backup device, disable the “Multi-Device” feature. Authy also recommends that you disable the “Multi-Device” feature, “to prevent the risk of any unauthorized devices being added.”
To do this, open the Authy App on your phone. Browse to settings and set “Allow Multi-Device” to Disabled. For a more detailed description, see the following Authy documentation.
At Gemini, trust is our product and your security is our priority. When correctly configured, Authy provides strong TOTP authentication that is substantially more secure than SMS authentication.
If you’d like to learn more about other ways to better secure your account, read our recent blog post, 5 Quick Wins for Securing Your Online Accounts.
Onward and Upward,
If you ever receive a suspicious email from Gemini or the Gemini support team – or someone claiming to be us – please immediately forward it to [email protected], and we will investigate it promptly and confidentially. Thanks for doing your part to help keep Gemini safe!
Copyright © 2020 Gemini Trust Company, All rights reserved.
600 Third Avenue, 2nd Floor,
New York, NY 10016