MFA before unlock?!

[Joefly78]

Looking for clarification and advice here before writing a letter to management.

Last weekend, my 11 year old daughter was at the far end of our property near the Rivian. She needed to get into the locked car in order to grab something. She texted me to unlock the car. I opened my Rivian app to do this and was greeted by a request to perform multi-factor authentication before I could unlock my car. I requested the code. Five minutes later it came to my email address and I was able to enter it, resume use of the app and unlock the car for my daughter.

This attempt at increased "security" is actually a liability. What if she were in an unsafe space and needed access to the car immediately? Why should I have to rely on my email in order to unlock my car? This seems INSANE to me. Question for the group I have been unable to answer myself: can this "feature" be disabled? Has any one else run into this?

Like many other posters, this has been my favorite car by far. But this problem, if it's not fixable, is a "never again" moment for me. We can't depend on a phone as a key if it doesn't behave with the same immediacy in the event of an emergency.

Appreciate the help in advance.

Sponsored

 

[mpshizzle]

I have never been asked for MFA for using the app. My guess is that you haven't used the app for a very long time and you got signed out, or due to extend inactivity you were asked to re-authenticate

 

[Joefly78]

Thanks for the reply and good question. I used the app earlier that day. If I am not mistaken, the MFA message said something to the effect that they "periodically" require re-authentication, which make me think there's an element of randomness to it? Or perhaps it's on a periodic cycle?

 

[Dark-Fx]

Authentication tokens expire. Only way around this is to log out periodically before they have the opportunity to. You can't disable 2FA anymore unfortunately.

You can switch the method from e-mail to text if that would work better for you.

 

[ATLRivvy]

If this is an issue then either install the Rivian widget on your phone (likely still require period 2FA though) and unlock from widget or buy the key fob for $250 and it works just like any other car

 

[DRJ564]

Liability is quite a stretch.

 

[ATLRivvy]

Liability is quite a stretch.

I’ve noticed that a lot of buyers of expensive EVs are actually older or less tech savvy than you would have thought. For many, any technology beyond a button click feels like a burden

The other alternative by the way is to just give them the keycard so they can unlock the car.. the more I think about it the more confused I am about this complaint to be honest.

 

[Joefly78]

I’ve noticed that a lot of buyers of expensive EVs are actually older or less tech savvy than you would have thought. For many, any technology beyond a button click feels like a burden

The other alternative by the way is to just give them the keycard so they can unlock the car.. the more I think about it the more confused I am about this complaint to be honest.

So true. I am 47. But I'm also a test pilot and have been for 20 years. But what do old folks like me know about safety tech.

Last time I bring a concern up here. Good luck gents.

 

[cohall]

If an occasional 2FA prompt is too much of a burden or a safety concern, I would simply revert back to using the fob or keycard like us old-timers are used to. And I’m being sincere, not sarcastic. If it’s a “Never Again” moment like you say, then I’d carry the fob.

What would you have done with your last vehicle had you been in the same situation?

 

[Scottm]

Bottom line is this is a very rare occurrence that happened at an inconvenient time for you. I can’t remember the last time I had to re-authenticate the app in fact I don’t ever remember having to re-authenticate other than when restoring my phone or reinstalling the app.

 

[racekarl]

To be clear, this was not a "phone as key" issue so much as a remote unlock issue. It's not clear if the PaaK relies on the same authentication as remote unlock, so it's possible the phone might still have unlocked the truck had it been in proximity.

 

[savethemanual]

What a time we're living in when one can unlock a vehicle from anywhere with a computer in our pockets! Wow, remember the days when it was simply a metal key that needed to be cut...ha!

 

[cbrcanuck]

Definitely not a "normal" scenario, and just bad/luck timing with having to reauthenticate. Since tech is always hiccupy and always will be and I just don't feel like dealing with it often, I use the FOB as my primary and keep a backup (phone or keycard depending on the circumstance). If you're depending on your phone as a key for emergency situations, you're going to be disappointed at some point - even if you just run out of battery.

 

[UnsungZero_OldTimeAdMan]

If an occasional 2FA prompt is too much of a burden or a safety concern, I would simply revert back to using the fob or keycard like us old-timers are used to. And I’m being sincere, not sarcastic. If it’s a “Never Again” moment like you say, then I’d carry the fob.

What would you have done with your last vehicle had you been in the same situation?

This makes no difference if the vehicle and person needing access and the person who does have keyfob and keycard are miles apart. If MFA is set up to text messaging (the way it should be) instead of email, the response time is mere seconds. And if on iOS, one doesn't even need to look at the text message or memorize the code. Once message received, you can just tap on one of the entry boxes and iOS will enter the code for you. This demonstrates why PAAK is superior. It does the same thing a rudimentary keyfob does and much much more. I get why some might cling to familiar old tech. But it's not like the alternative to the keyfob is a supercomputer deep in the bowels of NORAD. You're just tapping on icons displayed on a screen instead of tactile buttons on simple 2.4 GHz emitter. Plus, just look at the difference in battery capacity. You are far more like to find a dead keyfob—when you actually need to use it—than a dead phone. The tech isn't the problem. It's irrational resistance towards something deemed new... which is odd because you've clearly successfully made the leap from ICE to BEV. Emergency situation? If OP's kid can text dad, she can call dad or call 9-1-1.

Since delivery in mid '23, I have never been challenged by MFA when using the Rivian mobile app. It only happens when I access my Rivian account through Safari.

 

[godfodder0901]

This makes no difference if the vehicle and person needing access and the person who does have keyfob and keycard are miles apart. If MFA is set up to text messaging (the way it should be) instead of email, the response time is mere seconds. This demonstrates why PAAK is superior. It does the same thing a rudimentary keyfob does and much much more.

I get why some might cling to familiar old tech. But it's not like the alternative to the keyfob is a supercomputer deep in the bowels of NORAD. You're just tapping on icons displayed on a screen instead of tactile buttons on simple 2.4 GHz emitter. Plus, just look at the difference in battery capacity. You are far more like to find a dead keyfob—when you actually need to use it—than a dead phone. The tech isn't the problem. It's unwillingness to adapt.

Emergency situation? If OP's kid can text dad, she can call dad or call 9-1-1.

In my professional opinion, MFA should never be tied to SMS. E-mail is the better of the two options from a security standpoint.

Sponsored