Was the PIN option removed from Authenticate v5.0?
Yes, the PIN option was removed from Authenticate v5.0. The feature was removed to improve the usability of our Login Request feature, which suffers from users having to present credentials twice on locked phones. By removing the PIN option, we are also able to implement options for wearable devices and accept login requests inside notification actions.
How is this more secure?
We are using a better method to protect the seed. It will be extremely difficult to extract the key from the device, and nearly impossible on devices that use hardware encryption for the keychain or keystore. The removal of the PIN forces users to enable the screen lock on their mobile device in order to use the Authenticate app as a second factor.
What methods are not protected by the screen lock?
The same methods that are not protected today with the previous application PIN will not be protected by the screen lock:
- SMS/Text Message
- Voice OTP
- Push OTP
After upgrading, why are my users seeing an SSL error?
With Authenticate v5.0, the application uses a more secure cipher list and the application may be fail to negotiate a SSL connection with the SecureAuth server. For more information, please refer to this KBA.
Where do I get more information regarding the enrollment process or new features with Authenticate v5.0?
You can refer to our documentation page.
How do I get notified of new releases or app updates?
Sign up for updates here!