SO STUPID! AFTER SETTING UP GOOGLE AUTHENTICATOR THEY STILL OFFER SMS OPTION!
For added security from SIM swapping I set up Google authentication on my account for the express purpose so that no one could log in with an SMS code yet you still give that as an option which defeats the entire purpose of setting up Google authentification! This makes absolutely no sense. How can I turn off the option to sign in with sms? so even after setting up Authenticator they give three options to sign in: SMS face ID Authenticator so of course it still leaves me vulnerable to someone Sim swapping if they can log in with my SMS. come on T-Mobile wake up!
Feature Request: Disabling SMS Text if Google Authenticator is enabled
Hi, I am glad that T-Mobile has made Google Authenticator available for 2 factor authentication, but I would like to be able to disable SMS text and the security questions once I have configured Google Authenticator for 2FA. I believe that this would improve security, specially in the wake of the T-Mobile data breach. I'd like to hear from a T-Mobile representative on this topic, and when we might expect such an enhancement on the T-Mobile website? Gracias.
Security issue: t-mobile will not stop trusting browser!
t-mobile is always trusting my browser and device and it is never asking me for two factor. I tried clearing all cookies but t-mobile just lets me sail on in with only a user name and password. Steps I took… Log in first time. t-mobile asks for dual factor which is good and expected. I accidentally clicked that I did not want t-mobile to ask me again on this device/browser. I could not find any way to "untrust" the browser/device. I could not find any help on this. I logged out and logged back in…t-mobile lets me in without dual factor... I tried clearing all cookies. I log in again, and t-mobile simply accepts my user name and password without any second factor. Most all websites I know allow a user to "untrust" a device, or at least clearing cookies will resume asking for dual factor's second factor. This seems very insecure. Anyone (or any malware) commandeering thebrowser can log in without dual factor and I cannot see any way to stop that…it's like t-mobile is remembering the device/browser some other way…but if that's the case, the online login should have an option to "untrust" the device/browser (or cookies should do the same). Forgive if I'm missing something but I have never seen this kind of behavior before except for cases where dual factor is broken.
Feature Request: Configure 2FA Options Available
I would like to request a feature given that Google Authenticator is available as an option for two-factor authentication. Right now, when I log in, I'm given three options for 2FA: SMS Google Authenticator Email As it stands right now, enabling Google Authenticator provides no additional security if SMS can be selected as an option. Given the potential risks of SIM swapping, SMS as a form of 2FA is useless. Users should have the ability toturn off SMSas a form of 2FA, especially if Google Authenticator is enabled.
