Tesla CEO Elon Musk acknowledged Friday that the company was ‘embarrassingly late’ rolling out a security layer known as two-factor authentication for its mobile app.
“Sorry, this is embarrassingly late. Two factor authentication via sms or authenticator app is going through final validation right now,” Musk wrote Friday in response to a question from a Twitter follower.
Musk said in April that the additional security layer was "coming soon." He first mentioned that the company would add two-factor authentication back in May 2019. Tesla owners have stepped up their calls for two-factor authentication as the rest of the tech community has adopted the security feature.
Sorry, this is embarrassingly late. Two factor authentication via sms or authenticator app is going through final validation right now.
Two-factor authentication — also known as two-step verification — combines something you know, like a password, with something you have, like your phone. This is a way to verify that the real account holder — or car owner — is logging in and not a hacker.
Some websites do this by sending you a code by text message. But hackers can intercept these. A more secure way of doing it is by sending a code through a phone app, often called an authenticator, which security experts prefer.
Beefing up the security on the Tesla mobile app is particularly pressing. The Tesla app is a critical tool for owners, giving them control over numerous functions on their vehicles.
When Bluetooth is enabled, the Tesla app allows drivers to use their phone as a key to Tesla’s newer vehicle models. The app also lets the user remotely lock and unlock the doors, trunk and frunk, turn on the HVAC system, monitor and control charging, locate the vehicle and schedule service — to name a few of the main capabilities.
These days, two-factor authentication is common and widely employed to stop hackers from using stolen passwords to break into users' accounts. What's unclear with Tesla is whether the two-factor tool will rely on SMS or a phone app. Musk said the final validation was for SMS "or" authenticator app, a statement that leaves that critical question unanswered.