What's new
By:
Filters

Mutifactor authentication

H

Haggy

Active Member
Verified Owner
Joined
Apr 8, 2022
Messages
328
Location
Bay Area, California
Cars
Air GT
Referral Code
KLGFJH9Z
It's not clear to me how to use Lucid's mutifactor authentication. I was able to set it up fine, and then I was able to add an authenticator app as a method. For "edit method" it now pops up "Set up the authenticator app for use on another device." But the button say "change device," implying that it's not strictly setting it up on another device but replacing the device used for authentication. There also doesn't seem to be a way to remove email as an option once authentication app is added.

After setting it up, I logged out of the Lucid app and back in, and it did not ask for authentication. I want multifactor authentication more for the sake of not letting anybody who discovers my credentials to install the app and drive away with my car. Asking for web browser logins authentication at least stops people from trying to get into my account repeatedly through a web browser and then trying to use the app after guessing my password.

With my non-Lucid, I have it set up for two authenticator apps, so that my wife and I can both use it. Having an email option means that anybody who breaks into my email can probably reset my password and use the email for authentication.

If it continues not to ask when I log into the app, it's a moot point, but if it does, then I need to figure out the best way to handle things on my wife's phone.
 
There’s a little checkbox to “trust this computer for 30 days” when you authenticate. If you do that, the 2-factor won’t appear again until that cookie times out.

Any other computer you log in to would require 2-factor the first time. So you are safe from someone else getting your credentials.

Pretty standard stuff.
 
If someone gets ahold of your email account, you have much bigger things to worry about than your Lucid account.

But I agree. I’d love to eliminate the email option altogether. I hate the constant barrage of log in emails I get from everyone these days.
 
joec said:
If someone gets ahold of your email account, you have much bigger things to worry about than your Lucid account.

But I agree. I’d love to eliminate the email option altogether. I hate the constant barrage of log in emails I get from everyone these days.
Click to expand...
It's not likely that anybody would get ahold of my email account, which also has 2FA through an authentication app. And for my Lucid account, I don't use the same email address, although mail from Lucid gets forwarded to my account. Nobody but Lucid knows that email address. And I don't reuse passwords. But I don't like it when companies tell me that they are giving me more security when I can't remove the less secure option.

Regardless, even though it's unlikely that anybody would get an app and try to guess a password for an email address that they wouldn't know, I don't like the idea of anybody being able to install an app on a new device, enter credentials without 2FA and get access to a car. With some cars, that also means access to the garage. Which might mean access to power tools, and by extension, access to the house. Since the car's app isn't something that I'd normally log out of, and since my phone needs a fingerprint, 2FA isn't a significant inconvenience for the app.
 
joec said:
There’s a little checkbox to “trust this computer for 30 days” when you authenticate. If you do that, the 2-factor won’t appear again until that cookie times out.

Any other computer you log in to would require 2-factor the first time. So you are safe from someone else getting your credentials.

Pretty standard stuff.
Click to expand...
Yes, I tried that, and then tried on another device once I realized that I had checked the box and made it impossible to check on the same device for a while. It was logging out of the app and logging back in but not getting prompted for 2FA that surprised me, so I wouldn't consider it pretty standard stuff. I've never had anything else that required 2FA for everything but an app.
 
Haggy said:
Yes, I tried that, and then tried on another device once I realized that I had checked the box and made it impossible to check on the same device for a while. It was logging out of the app and logging back in but not getting prompted for 2FA that surprised me, so I wouldn't consider it pretty standard stuff. I've never had anything else that required 2FA for everything but an app.
Click to expand...
Ahh. The app hasn’t been updated since they introduced 2FA. I’m sure they will add that in the next version.

Didn’t realize you were talking about the mobile app. Yeah. That’s a problem if they don’t add that.
 
joec said:
Ahh. The app hasn’t been updated since they introduced 2FA. I’m sure they will add that in the next version.

Didn’t realize you were talking about the mobile app. Yeah. That’s a problem if they don’t add that.
Click to expand...

I did make sure to check whether or not the app was updated before I posted and it wasn't. At least that's the case for Android. I have no idea how good Lucid is with keeping that in sync with the iPhone version.
 
You must log in or register to reply here.

Similar threads

Sandvinsd
RESOLVED Lucid App showing wrong EA station
2
Replies
27
Views
8K
Lucken
L
Tesla2Lucid
Electrify America: you may need to open the Lucid App to charge!
2 3 4
Replies
61
Views
7K
kpbhat
kpbhat
A
EA fails again
Replies
3
Views
1K
kort6776
kort6776
andrew61
Set up a second profile with mobile app
Replies
10
Views
7K
Amster
Amster
D
I lost my lucid account
Replies
5
Views
7K
Alex
Alex
Back
Top