Security issue: t-mobile will not stop trusting browser!
t-mobile is always trusting my browser and device and it is never asking me for two factor. I tried clearing all cookies but t-mobile just lets me sail on in with only a user name and password. Steps I took… Log in first time. t-mobile asks for dual factor which is good and expected. I accidentally clicked that I did not want t-mobile to ask me again on this device/browser. I could not find any way to "untrust" the browser/device. I could not find any help on this. I logged out and logged back in…t-mobile lets me in without dual factor... I tried clearing all cookies. I log in again, and t-mobile simply accepts my user name and password without any second factor. Most all websites I know allow a user to "untrust" a device, or at least clearing cookies will resume asking for dual factor's second factor. This seems very insecure. Anyone (or any malware) commandeering thebrowser can log in without dual factor and I cannot see any way to stop that…it's like t-mobile is remembering the device/browser some other way…but if that's the case, the online login should have an option to "untrust" the device/browser (or cookies should do the same). Forgive if I'm missing something but I have never seen this kind of behavior before except for cases where dual factor is broken.