Feature Request: push notification sent to the mobile application anytime the user is prompted for a 30-second TOTP code. #150

Closed
ThomasHabets opened this Issue Oct 10, 2014 · 7 comments

Comments

Projects
None yet
4 participants
Contributor

ThomasHabets commented Oct 10, 2014

Original issue 151 created by OrtusDux on 2012-03-19T16:53:33.000Z:

Pros:
-In normal usage, the user should never have to manually open the app.
-Malicious login attempts would be immediately noticed by the account owner.

Cons:
-Confusion with multiple devices.
-Phone usage interruptions.

Above and beyond:
-A 'lock down my account' or 'report suspicious login attempts' button in the app could help google flag ip addresses of hackers in a fashion similar to the report spam button in gmail.

tldr: I would love it if the passcode prompt pushed open g-authenticator as smoothly as sending map directions over chrome2phone opens gmaps.

google was assigned by ThomasHabets Oct 10, 2014

Contributor

ThomasHabets commented Oct 10, 2014

Comment #1 originally posted by goatencopyrighted on 2013-06-03T00:38:34.000Z:

On a new phone you can't bloody login to you Google account because the app isn't installed and you can't access SMS if choosing "Don't have your phone?" option before the initial phone startup tutorial. Omfg so annoying

Contributor

ThomasHabets commented Oct 10, 2014

Comment #2 originally posted by ParkerKuivila on 2013-11-22T23:46:10.000Z:

The Twitter app does this for their two step authentication. In terms of the cons you give

  1. I don't see how there would be confusion with devices, all the devices should generate the same code
  2. Interruptions: You can always disable notifications, and people can continue using the app as they do now

I see no reason this shouldn't be implemented.

Contributor

ThomasHabets commented Oct 10, 2014

Comment #3 originally posted by thejonesyboy on 2014-03-12T05:44:52.000Z:

The Facebook app does this perfectly. It provides a push notification that opens the Facebook Code generator app. C'mon Google keep up!

Contributor

ThomasHabets commented Oct 10, 2014

Comment #4 originally posted by davidworkman9 on 2014-03-27T15:36:38.000Z:

If this was implemented you could simply have a deny/allow button on the mobile app instead of having to enter a token.

google was unassigned by ThomasHabets Oct 10, 2014

jimi008 commented Aug 30, 2016

This will be a nice and helpful feature if added in app. Recently lastpass added this type of feature in their authenticator. +1

akerl commented Aug 30, 2016

The google auth app just implements HOTP/TOTP; the server has no way to know what device you have or how to communicate with it. And there's not a challenge it could send over the wire, since the whole algo is based on symmetric keys.

Contributor

ThomasHabets commented Sep 2, 2016

Like akerl said this is not a GA feature request, but a feature request for the services you log in to.

And it looks like Google has released this earlier this year:

http://googleappsupdates.blogspot.com/2016/06/new-settings-for-2-step-verification.html
https://www.neowin.net/news/google-takes-the-pain-out-of-two-step-verification-with-new-push-notifications

Closing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment