Issue
I saw that SMS 2FA is now deprecated and would like more information on this change.
Applies To
- All Customers
- Account Security
- Login
Resolution
Users with existing SMS/text message based two-factor authentication will be able to continue using the feature in most cases. If you currently have SMS/text message based 2FA enabled on your user account and it is not working as expected please contact our Support team.
Wait… what is happening?
Sentry no longer allows new enrollments in our SMS/text message based two-factor authentication for user accounts.
Am I impacted?
If you do not already have SMS 2FA enrolled on your user account, you will not be able to enroll in it. You will need to use one of our other two-factor options.
If you are already enrolled in SMS 2FA on your user account, it will continue to work as expected. For example, you will still receive a message with your one-time passcode when logging into Sentry. However, if you delete your SMS 2FA configuration you will not be able to set it back up. You’ll need to use one of our other two-factor options.
What other 2FA options do I have?
Sentry currently supports 2FA via an authenticator app like Authy, Google Authenticator, 1Password, or any TOTP compatible application.
We also support 2FA via hardware keys compatible with U2F/FIDO like a Yubikey, Titan Security Key, or Apple’s TouchID (requires Google Chrome).
When will SMS 2FA be deprecated?
On August 12th, 2022.
What about self-hosted installs of Sentry?
SMS two-factor authentication on self-hosted installations of Sentry will still be available and enabled as an option for your users by default.
If administrators wish to disable SMS two-factor enrollment for users, set the sms.disallow-new-enrollments
option to True
in your config.yml
.
To use SMS two-factor authentication on your self-hosted instance you will need a Twilio account and the appropriate configurations set in your config.yml
. For more details on configuration options, refer to our documentation.
Why are you deprecating SMS 2FA?
Two reasons:
- SMS is one of the weaker options for two-factor authentication. While it is better than nothing, we support stronger methods of 2FA more resistant to attacks.
- Sentry has seen a significant increase in SMS fraud.