Tesla is finally fixing this major security flaw
Tesla is finally adding a much-needed security feature to its mobile app in a bid to try and protect its vehicles.
The carmaker is introducing two-factor authentication (2FA) into its mobile app, meaning users will need to combine login information with a code or identifier linked to their personal device in order to gain access, hopefully boosting security protection for owners.
The move was “embarrassingly late”, admitted Tesla CEO Elon Musk.
Tesla security
“Sorry, this is embarrassingly late. Two factor authentication via sms or authenticator app is going through final validation right now,” Musk wrote in a Twitter response to a question from one of his followers.
2FA has become standard practice for almost all of the world’s top technology firms, with Musk previously saying the platform would be “coming soon” when asked back in April.
Musk first mentioned adding 2FA to the Tesla app in May 2019.
The app allows Tesla owners to access a number of features and systems on their vehicle without being inside, including checking its battery charge level, adjusting the interior temperature, and even locking and unlocking the car remotely.
It’s not known what form Tesla’s 2FA will take, whether it will send out a code to a user’s phone that can be entered to gain access, or use an SMS message to send a password or other information entered using a separate app.
While 2FA utilization has increased dramatically over the past few years, it’s still far from universal. Google and Microsoft both have their own Authenticator apps, which can be used to approve access. However earlier this year both services were found to have an identical security vulnerability which could have allowed hackers access to user information.
The idea behind two-factor authentication is that it’s far more difficult to compromise both factors than either one individually. For example, your debit card acts as a single factor when withdrawing from an ATM. Asking for a separate PIN number substantially reduces the risk of fraudulent withdrawals—even if someone steals your card, they will still need to identify your PIN in order to get any cash.
Via TechCrunch