SO STUPID! AFTER SETTING UP GOOGLE AUTHENTICATOR THEY STILL OFFER SMS OPTION!
For added security from SIM swapping I set up Google authentication on my account for the express purpose so that no one could log in with an SMS code yet you still give that as an option which defeats the entire purpose of setting up Google authentification! This makes absolutely no sense. How can I turn off the option to sign in with sms? so even after setting up Authenticator they give three options to sign in: SMS face ID Authenticator so of course it still leaves me vulnerable to someone Sim swapping if they can log in with my SMS. come on T-Mobile wake up!
How to Remove or Reinstate 2FA Google Authenticator
I am a prepaid plan user and set up a 2FA method through Google Authenticator (GA) when registering my T-Mobile account. As setting up, I received an email stating: "If you didn't make this change or want to remove this feature, please visit us here. If you have additional questions, please visit us here to message or contact Customer Care." I thought I could get help from T-Mobile if I encountered any problems with this 2FA method. Unfortunately, I lost the device that stored my Google Authenticator codes, and I don't have a backup. I want to remove or reset the GA method tied to my account. I've contacted several customer service representatives about this issue, but none have been able to help. Although I can log in to my account using a different two-factor authentication method, such as SMS, I still want to remove or reinstall the Google Authenticator method. This is because if someone gets access to my lost device, they could potentially use the GA method to sign in to my account. I have noticed that many websites, such as banks, allow customers to reinstate their 2FA methods. I want to know if it is absolutely impossible for me to change the GA settings on my T-Mobile account.
Feature Request: Disabling SMS Text if Google Authenticator is enabled
Hi, I am glad that T-Mobile has made Google Authenticator available for 2 factor authentication, but I would like to be able to disable SMS text and the security questions once I have configured Google Authenticator for 2FA. I believe that this would improve security, specially in the wake of the T-Mobile data breach. I'd like to hear from a T-Mobile representative on this topic, and when we might expect such an enhancement on the T-Mobile website? Gracias.2FA methods
I noticed that when I will FINALLY be able to set up 2FA, I am restricted to using low security methods save for app based, and then I can only use Google Authenticator. What I am asking is if this could be changed so that we can use other apps like Authy, Proton Pass, and better yet, hardware based methods like YubiKey? If ye want to BE the best, then do the things that MAKE ye the best.
Security issue: t-mobile will not stop trusting browser!
t-mobile is always trusting my browser and device and it is never asking me for two factor. I tried clearing all cookies but t-mobile just lets me sail on in with only a user name and password. Steps I took… Log in first time. t-mobile asks for dual factor which is good and expected. I accidentally clicked that I did not want t-mobile to ask me again on this device/browser. I could not find any way to "untrust" the browser/device. I could not find any help on this. I logged out and logged back in…t-mobile lets me in without dual factor... I tried clearing all cookies. I log in again, and t-mobile simply accepts my user name and password without any second factor. Most all websites I know allow a user to "untrust" a device, or at least clearing cookies will resume asking for dual factor's second factor. This seems very insecure. Anyone (or any malware) commandeering thebrowser can log in without dual factor and I cannot see any way to stop that…it's like t-mobile is remembering the device/browser some other way…but if that's the case, the online login should have an option to "untrust" the device/browser (or cookies should do the same). Forgive if I'm missing something but I have never seen this kind of behavior before except for cases where dual factor is broken.
Feature Request: Configure 2FA Options Available
I would like to request a feature given that Google Authenticator is available as an option for two-factor authentication. Right now, when I log in, I'm given three options for 2FA: SMS Google Authenticator Email As it stands right now, enabling Google Authenticator provides no additional security if SMS can be selected as an option. Given the potential risks of SIM swapping, SMS as a form of 2FA is useless. Users should have the ability toturn off SMSas a form of 2FA, especially if Google Authenticator is enabled.
