We’re changing how you log into Curve

receiving sms codes is an old problem for curve, such tricks could help:

Not clear how an SMS to my phone - the very same device that is running the App I’m trying to log into - is more convenient if I’m somewhere with not very good mobile signal. I know (or can record locally) my password. I can access email via any Internet connection.

That’s before we consider “more secure” and the relative ease of taking over someone’s mobile phone number.

4 Likes

Hi @Namrata,
Still the same. Uninstalled, logged in with magic link, prompted to confirm phone, received SMS, prompted to create passcode that can’t confirm. This time more screenshots.




MOD EDIT

Have you stopped supporting the version with Apple Watch app? Since 3.7.1 that I don’t get a new beta…

1 Like

Hi @HNF-01 ,
We would suggest not to post your account related sensitive information post here.
We have manually fixed your account.
You should be able to complete the swapover flow now.
The issue was because of the way [with and without country code] you had entered phone number in past and now which appeared to be two different numbers in our system.

1 Like

@razzz Sorry for this: we are working on bringing it back to beta test stage but we haven’t been including it in recent betas because of some issues with build tooling

2 Likes

Works now !

1 Like

Hey @Namrata - @Curve_Sam,

Any news about my problem? :sweat_smile:

Hi @Mattia we think you were missing from the feature flag segment we were using. Are you able to try a fresh install and try again?

2 Likes

Hello @Curve_Sam,

Now work, thank you :blush:

4 Likes

Had this yesterday when I went to use the app - I thought it would only happen if I logged out and back in but it seemed to force me to complete it. Was a bit touch and go for mobile reception in that store but thankfully the SMS managed to get through. Android version was able to autoread and complete the code too.

3 Likes

These statements seem pretty incompatible to me. SMS authentication is pretty widely acknowledged to be the weakest form of 2FA (though still better than password-only). Here it looks like SMS being used as the only factor (no password needed), which is a really bad idea.

SMS is a lot easier to hijack than email, so this seems strictly less secure than either password or magic link via email. Am I missing something here?

16 Likes

SMS?! Seriously? Is it 1998? The world is moving away from SMS authentication which is epically unsafe (just google ss7 sms hack). What you should be doing is moving towards TOTP ( RFC 6238), like Google Authenticator or Authy. Why are you intentionally putting your users at risk of getting hacked?!

15 Likes

Yep I use Authenticator Plus on Android and it’s excellent :slight_smile:

Hi, not sure what’s now happening, but no matter what I do with the app, I get it acting as if it’s the first time I’ve ever done so…


It does that to me sometimes after app update. However it clears pretty quickly within 10-15 seconds of opening the app.

Yours seem like something more perhaps , best open a ticket with support@curve.app

2 Likes

When will the headings on the Wallet page revert to this size as displayed on your website…

Hi,

When release the new beta update?

Wishes,
Markus

I agree.

A Really Bad Idea™

Both for security reasons plus lack of cell coverage in many places where I frequently use Curve, such as supermarkets (where I normally connect to their WiFi instead) etc.

I really hope you’ll reconsider this move.

9 Likes

Rather than signing in with your email and password (or magic link), you will instead be asked to enter your mobile number and the verification code we send via SMS.

I would prefer to stay with secure methods of logging in, thank you.

5 Likes