Forum Discussion
Security issue: t-mobile will not stop trusting browser!
t-mobile is always trusting my browser and device and it is never asking me for two factor. I tried clearing all cookies but t-mobile just lets me sail on in with only a user name and password. Steps I took…
- Log in first time. t-mobile asks for dual factor which is good and expected.
- I accidentally clicked that I did not want t-mobile to ask me again on this device/browser. I could not find any way to "untrust" the browser/device. I could not find any help on this.
- I logged out and logged back in… t-mobile lets me in without dual factor...
- I tried clearing all cookies.
- I log in again, and t-mobile simply accepts my user name and password without any second factor.
Most all websites I know allow a user to “untrust” a device, or at least clearing cookies will resume asking for dual factor’s second factor.
This seems very insecure. Anyone (or any malware) commandeering the browser can log in without dual factor and I cannot see any way to stop that… it's like t-mobile is remembering the device/browser some other way… but if that's the case, the online login should have an option to "untrust" the device/browser (or cookies should do the same).
Forgive if I’m missing something but I have never seen this kind of behavior before except for cases where dual factor is broken.
did you by chance select “trust this device”?
disregard….asked and answered lol
I have never seen an option to turn off two-factor when signing into my account. It literally asks everytime, which isn't a bad thing but it can get annoying sometimes. Have you tried: my.t-mobile.com>Profile>T-Mobile ID>Enable 2-Step Verification
