The Irony of SendGrid's Two-Factor Authentication

As the organiser of the Oman Go community, I rely on SendGrid to send out notifications about upcoming events. Although SendGrid enforces Two-Factor Authentication (2FA) via the Authy app, I prefer to use 1Password for managing my codes. Consequently, my options were to disable 2FA entirely or receive codes via SMS messages to my mobile number. I chose the latter despite potential security concerns.

Today, I encountered a rather frustrating situation when trying to log into my account. Let me recount the series of events:

  1. After entering my username and password, I was prompted for a 2FA code.
  2. The code did not arrive immediately, so I waited for a while, anticipating a delayed SMS.
  3. After 30 seconds, I clicked the text to resend the SMS, only to receive an error message: “App unable to send SMS at this time.”
SendGrid 2FA

The irony of a message delivery platform being unable to send a message was not lost on me. I decided to investigate further and headed to the support page for troubleshooting 2FA issues.

Support page

To my surprise, I was required to sign in to submit a support request.

Log in to contact support

This brought me back to square one, stuck at the 2FA prompt.

Back to the beginning

Upon examining the JSON response when requesting a new code, I discovered that SMS delivery to Oman had been blocked:

{
  "errors": [
    {
      "field": null,
      "message": "delivery blocked: The destination phone number has been blocked by Verify Geo-Permissions. OM is blocked for sms channel for all services"
    }
  ]
}

This was baffling, as I had successfully set up 2FA with SMS delivery when I first registered my account.

In conclusion, my experience with SendGrid’s 2FA process has been less than optimal. While I understand the importance of security measures, the inability to access my account and the lack of clear communication regarding the SMS delivery blockage have been disheartening. I suggest that SendGrid consider implementing the standard Time-based One-Time Password (TOTP) method for creating and sending 2FA codes. This would not only simplify the authentication process but also provide a more reliable and user-friendly experience.
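For reference, an added example (not SendGrid's code and not part of the original post) of the TOTP scheme from RFC 6238 that the suggestion above refers to: both sides derive the code locally from a shared secret and the clock, so verification does not depend on any SMS route being permitted. The secret is the RFC's published test key; the function names, 6-digit length and skew window are assumptions chosen for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

const (
	step   = 30 // seconds per time step (RFC 6238 default)
	digits = 6  // code length used by most authenticator apps
)

// TOTP returns the code for the time step that contains unixTime.
func TOTP(secret []byte, unixTime int64) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(unixTime/step))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	// Dynamic truncation (RFC 4226): low nibble of the last byte picks the offset.
	offset := sum[len(sum)-1] & 0x0f
	bin := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	return fmt.Sprintf("%0*d", digits, bin%1000000)
}

// Verify accepts the code for the current step and for skew steps on either
// side, to tolerate clock drift. Every candidate is compared in constant time.
func Verify(secret []byte, code string, unixTime, skew int64) bool {
	ok := 0
	for i := -skew; i <= skew; i++ {
		want := TOTP(secret, unixTime+i*step)
		ok |= subtle.ConstantTimeCompare([]byte(want), []byte(code))
	}
	return ok == 1
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test key, not a real secret
	now := time.Now().Unix()
	code := TOTP(secret, now)
	fmt.Println(code, Verify(secret, code, now, 1))
}
```

A real deployment would also rate-limit attempts and reject a code that has already been accepted for the same time step.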