arrow-left Back to announcements
DATE:
AUTHOR:
The Product Team at Griffin
Security

Implementing two-factor authentication

DATE:
AUTHOR: The Product Team at Griffin

What's changed?

Our platform will require two-factor authentication (2FA) in both sandbox and live mode starting 21st June 2023.

Next time you log in or create a new account, you’ll be asked to register a security device (such as a smartphone). You’ll need to have this device on hand every time you log in or make a payment.

Setting up your security device

This journey might look different depending on your device or browser. This example uses a MacBook with Google Chrome. If you get stuck, check out our guide to 2FA.

1. Choose your device

Your device can be your smartphone, your tablet, or a specialist security key (like a YubiKey). We don’t support laptops as security devices.

Right now, we only support one security device per account - so please choose a trusted device that you will always have on hand!

Click register device, select your preferred option, and follow the on-screen instructions.

2. Scan the QR code

If you use a phone or tablet, you will need to scan the QR code. You don’t need a special authenticator app for this - just open your device’s camera and point it at the screen. You'll be prompted to store your passkey in your device’s password manager (iCloud Keychain in this example).

3. And you’re done!

Remember that 2FA will be required every time you log in or make a payment for enhanced security.

How it works

We use a web standard protocol called WebAuthn to generate a private passkey, which is stored on your chosen security device. This is paired with a public key that is stored on our servers and associated with your account. Both pieces of the pair are needed to generate the authentication token that allows you to log in.

Why passkeys?

We use passkeys because they’re more secure than sending a verification code via email or SMS. Inboxes and SIM cards can be hacked, but authenticating via passkey means no one can log in to your account unless they have physical access to your device.

For more information, check out the 2FA guide in our documentation.

Thanks for reading! You'll be hearing from us again soon. 

If you need support, feel free to reach out through our in-app chat or send a message to product@griffin.sh.

We’re always working to improve our products and enhance your user experience. Stay tuned for more updates!

 Leave feedback on our Slack community

 Experiment with Postman

 Follow us on LinkedIn

Powered by LaunchNotes