MIUI introduces 2-factor authentication for Xiaomi user accounts

MIUI introduces 2-factor authentication for Xiaomi user accounts

For the first time in its history, the Xiaomi custom MIUI Android skin has implemented 2-factor authentication (or 2FA) for this OEM’s software ecosystem. So far, it works to send notifications to all devices connected to a single applicable account in the event of unfamiliar logins.

 XDA contributors have observed that a new option to set up 2FA has appeared on some Xiaomi devices. These phones run MIUI 10, one of the newest versions of this Android skin. This form of 2FA, which is also available within ecosystems such as Google’s, is apparently directed at logins to Mi Accounts. These user accounts are offered to Xiaomi phone, tablet or notebook users who want to use services such as cloud storage from this OEM. Therefore, the introduction of 2FA may be a relief to many of these individuals. It may, for example, be particularly helpful for those with more than 1 such devices connected to the same Mi Account.

On the other hand, the XDA has reported that this form of authentication lacks an SMS-based option, as opposed to many other 2FA systems in common use today. Nevertheless, there is nothing to say that this feature is not on the way. The implementation of 2FA of any kind may be a positive step in any case, particularly as  Xiaomi requires that a user hold a Mi Account in order to unlock their device’s bootloader. For now, there are two options but both are device-based authentication methods. You can either allow login on a different device by tapping the notification sent to your connected device. Or you will be sent a code to a connected device that can be entered on the new device to log in. There isn’t an option to enable SMS-based 2FA yet but we think it will be added later. Enthusiasts who play around with their Xiaomi devices to install custom software have to unlock their bootloader which can only be done using a Mi account. This makes it difficult for someone who would try to misuse the device access.