Releases
See What's New at Avochato.
All Categories
What's New at Avochato
Two Factor Authentication, MMS Blocking, A2P Registration Enhancements

Two Factor Authentication, MMS Blocking, A2P Registration Enhancements

July 2, 2024

Last updated on July 2, 2024

A2P

Canadian Use-cases

You can now properly apply for A2P using Canadian Brands and Use-cases.

Updates

Block Inbound MMS

You can now opt out of receiving MMS attachments. This is configured per inbox under “Settings > Convo MGMT”.

Notion image

Blocking inbound attachments does not prevent you from sending outbound attachments. It also does not automatically hide or archive existing MMS attachments in your inbox, it will only prevent new attachments from being logged in your inbox.

The metadata for corresponding MMS message events will still appear in your inbox, but your team will not be able to access the contents and Avochato will not store them at all.

Text messages attached to an inbound MMS will still appear.

Two Factor Authentication (2FA)

We’ve rolled out new, optional, settings that can be enabled at the Organization-level to enforce all sessions to use a secondary authentication method whenever a member of your organization signs into Avochato, by any means (including sign-ins through Okta, Azure AD, or via the usual sign-in page).

Organization owners should always feel secure that, despite increasing numbers of users or inboxes, they are fully in control of who can access what parts of Avochato and their secure contact information.

  • Will I have to do 2FA every time I use Avochato?

      • Every new device will require confirming a two-factor code sent to your device. Your session will remain valid until it expires or you log out manually from that device.

  • How can I enable this?

      • Organization owners can turn on these features to immediately require all users to authenticate with a second factor no matter how they are signing into Avochato, for all inboxes across the organization.

  • What will my users experience when they try to log in?

      • When authenticating using your email and password, you’ll receive a temporary one-time login code via SMS. Enter the code after using your correct email+password combination, and you are good to go.

      If you choose to login via your phone number, you will first receive a code to your phone, as usual, and then a secondary code will be sent to your email address associated with your Avochato login.

Users must have a phone number setup in their profile in order to properly authenticate via SMS.

Any users who have not linked their phone number to their Avochato user MUST link it to an SMS-capable handset in order to sign into Avochato via 2FA.

Additionally, security-minded users can proactively protect themselves by turning 2FA for all sign-ins via their www.avochato.com/profile (if their organization has not already enforced it across the platform).

Additional Security Constraints

The Avochato team has been diligently staying ahead of the industry’s common attempts at phishing, brute-forcing, and social engineering that are used to hijack user credentials. As part of this release, we have implemented additional security constraints to prevent re-use of sessions, hijacking of existing sessions, and rate-limiting of parts of the system that could be abused by malicious actors. As always, never share your Avochato credentials with anyone or store the credentials in plain text.

Avochato support representatives will never ask for your password or login code(s).

Bug fixes

  • Fixed a UI issue that prevented smoothly inputing validation codes on some Android browsers and Chrome for iOS .
 
Did this answer your question?
😞
😐
🤩