An update on identity verification and login challenges

Back in May, we communicated the upcoming launch of login challenges–a new feature aimed at keeping domain accounts safe from hijackers, even if they have attained a user’s username and password.

The login challenges feature was rolled out slowly over the past few weeks, and impacted a large number of domains this week. The initial intent was not to expose this feature to users with 2-Step Verification enabled and domains using SSO. While the challenge feature is not enabled for domains using SSO, many users in these domains did see a prompt to enter their phone number as a means of verifying their identity in the future.

This understandably caused confusion and led to escalations to admins. Upon hearing of this confusion, the launch of the interstitial prompt was temporarily rolled back for all domains until SSO domains can be fully excluded, at which point it will be relaunched. We are passionate about keeping our users’ information safe and secure, so we do plan to enable login challenges for domains using SSO later this year.

Furthermore, enabling 2-Step Verification provides the highest level of protection for users, so we encourage domains to take advantage of this offering to protect their data.


For more information:


Reference by :