Forum Discussion
Feature Request: two factor Google Authenticator for call in support
I recently read some hacks about using SMS or the last 4 digits to gain access to carrier's support and port the number somewhere else. They do this so they can reset passwords to bank accounts, gmail, paypal, ebay, amazon, twitter and any other account you access with your phone. Really, your phone is the gateway to almost everything you do online.
To prevent this type of hack, companies like T-Mobile MUST implement a Two-Factor authentication system to prevent this type of hack. A two factor system is something I know (A Password, last 4 of SSN) and something I have (RSA Physical FOB or Google Authenticator app).
If T-Mobile is listening, implementing a real two factor system for CALL IN REQUESTS to support. This will almost stop any hacking to accounts that have this type of system setup for authentication.
This type of system is in use by Gmail, Amazon, Ebay, Paypal and many other systems that are truly trying to stop hacking of accounts.
Obviously, you should have a 6+ digit login on your phone so if your phone is lost, it's hard to gain access. but if a Two-Factor system is setup so a representative I call can ask me for my second factor, I have to have the authentication device available to make changes to my account.
Google Authenticator is available for FREE and can be installed, setup and used immediately for anyone that wants to use it and the company (future T-Mobile or bank) they are trying to gain access to is using.
Here is some reading material about a recent hack related to this and Verizon:
http://avc.com/2017/06/getting-hacked-lessons-learned/
T-Mobile, please listen and implement this for your customers
-Ed
Member since 1999
Hola @eddierock , I believe I've seen you make this recommendation already. (or something similar)
Of course, we always appreciate the feedback and ideas. Thanks for coming here to post your thoughts.
- BlueHeronRoaming Rookie
I added Google Authenticator, but can't remove SMS text message, meaning a hijacked phone can easily get in. I would cancel 2fa and then start over if that was possible. I could not find a way to remove 2fa to keep SMS/text from being an option. Anybody know if that's possible?
- rigamarole999_Newbie Caller
hey tmo_mike until you roll out this feature it doesn't matter if eddierock made this suggestion a million times, it's vital man. How would you like someone to take over your phone through tmobile customer service and drain YOUR bank account? I came here to make the same suggestion, don't just give a lame generic response "Of course, we always appreciate the feedback and ideas. Thanks for coming here to post your thoughts." I
How about getting on it and moving this idea "upstream" to someone who will do something about it?
Por favor
- farquartNewbie Caller
Here we are a year later, and nothing to beef up the T-mobile 2fa. They don't really care. Just lip service.
- Alex_DailyRoaming Rookie
Confirmed: Google Authenticator is now available and working…
Start here: https://my.t-mobile.com/account/profile/tmobile_id
and scroll down…
…
...
- tabletloverRoaming Rookie
Yes, it's absolutely imperative that T-Mobile give us the option of disabling SMS 2-factor authorization as soon as possible. An authenticator app is far superior, but it doesn't help as long as the security hole of SMS 2fa remains open. Please make this happen T-Mobile!
- tmo_mike_cModerador
Hola @eddierock , I believe I've seen you make this recommendation already. (or something similar)
Of course, we always appreciate the feedback and ideas. Thanks for coming here to post your thoughts.
- whythehelldoineNetwork Novice
Just got hacked and tried to sign up for two factor authentication. there's a button, but it's a button to no-where. They're useless. Not to mention the person from the Office of the President is100% sure that Pacific Time is 4 hours behind East Coast time. Really!?!
So the security expert checking what happened at the time of the hack is a totally useless endeavor.
- whistRoaming Rookie
Another data breach just occurred recently. Any update on this?
- YXANewbie Caller
I agree. T-Mobile, can you please give us the option of disable SMS 2-factor authentication when an authenticator app is used?
- jaybo234Roaming Rookie
I'm just so annoyed right now that they don't give us this option to disable SMS 2fa.
this is grounds to switch to another company. T-Mobile you are stupid idiots! You've had five years to correct this problem
Contenido relacionado
- Hace 4 meses
- Hace 2 años
- Hace 9 meses
- Hace 10 años