As BlockFi’s security journey continues, we’ve identified a number of areas where we can improve user experience and security. A key focus has been client authentication on our platform. Currently, we offer two-factor authentication (2FA) and allowlisting to help keep our clients’ personal data and digital assets protected. And now we’re partnering with Auth0, one of the world’s leading identity-management companies, to make the authentication experience easier and safer than ever before, starting November 3, 2020.
Auth0 provides identity verification and security solutions for some of the largest and most complex use cases, serving global enterprises across 70 countries and securing billions of login transactions every month. It’s a natural fit for BlockFi, since we’re continuing to build an industry-leading security program for an ever-growing, globally distributed user base.
“We help major organizations around the world build the most secure authentication available on the market today,” said Duncan Godfrey, Head of Security at Auth0. “Our capabilities are well-suited for a fast-growing firm like BlockFi, and we’re eager to lend our expertise to provide even greater peace of mind for BlockFi’s clients.”
Authentication is one of the most important security features of any application or platform, and for BlockFi clients, that experience is about to improve dramatically. For one, you’ll notice that the login screen for your BlockFi account will look somewhat different.
In the coming months, you’ll also notice a new and improved two-factor authentication (2FA) process. When attempting to make a withdrawal or perform other important actions, you’ll be able to use a Google Authenticator code instead of relying on legacy 2FA protocols, such as email. In recent months, we’ve made several enhancements to how internal services and users authenticate, and we’re excited that this change will be the first for our client-facing products.
“As many of you have read in my previous posts, the BlockFi security journey is well underway. Moving to Auth0 will enable us to provide a more scalable and secure authorization capability to our client-facing products,” explained Adam Healy, Chief Security Officer at BlockFi. “We are excited to take full advantage of the new capabilities Auth0 brings and I encourage all of our clients to log in and set up 2FA.”
We will be gradually transitioning clients over the next few months to Auth0. When you’ve been selected to be migrated, if you have 2FA enabled, you will be required to enter your existing 2FA challenge and then re-setup 2FA. If you do not have 2FA, we highly suggest to set it up by following these instructions. You will then be seamlessly transitioned upon logging in. You cannot proactively go into your settings to be migrated–BlockFi will handle the migration upon login.
If you have any questions about our new authentication process or want to learn more about BlockFi’s security policies, feel free to reach out to our team at email@example.com. We’d love to hear from you.