I have google authenticator enabled on my account, but T-mobile still allows SMS and secret questions as 2FA methods as well. This is not secure, especially after this week’s data theft. What’s the point of enabling google authenticator if it can be bypassed by selecting the DEFAULT of SMS 2FA?
Userlevel 2
I am looking for the exact same information. The SMS pin message is a huge liability and I cannot find a way to disable it.
You said it precisely. Come on T-Mobile, it’s bad enough that we have to endure data breaches repeatedly, but the inability to remove an account feature that is a huge liability to security?? It isn’t like we don’t have choices out there for alternate carriers, you know.
What’s the point of enabling google authenticator if it can be bypassed by selecting the DEFAULT of SMS 2FA?
I too would like a way to disable SMS based 2FA - what is the point of using an authenticator app if the option to receive a code via Text is still enabled. Give us an option to disable SMS based 2FA @TMOBILE!
Any update on this? I added Authy TFA and enabled “always ask” assuming this would disable SMS based TFA but obviously it did not.
I have google authenticator enabled on my account, but T-mobile still allows SMS and secret questions as 2FA methods as well. This is not secure, especially after this week’s data theft. What’s the point of enabling google authenticator if it can be bypassed by selecting the DEFAULT of SMS 2FA?
I just spoke with an Agent about this yesterday. Not a hint of a clue. He thought this was an IOS thing, and wanted to forward me to an Apple specialist. Very nice person, and not his fault at all, as leadership and training comes from above. It’s quite clear that T-Mobile is not offering the option to disable SMS authentication.
deal breaker - moving entire company away from T-Mobile just because of this security flaw
The reason I am hoping to use DIGITS is so that I can actually receive texts and voicemails where I work, which has low to zero cell service penetration, at least in my area of the facility. Requiring SMS authentication essentially defeats the purpose for which I need DIGITS. Another provider has a DAS installed in my building, and I am happy to switch, if TMO is unable or unwilling to remove this roadblock.
ETA on this? SMS is not secure and hasn’t been for years.
I really hope we have a way to do this. I’m getting SMS ID verifications texts and I have Google setup. I just reset my password but still getting the texts. On the line with support and the guy has no idea if this can be done. The tech really asked me to tell him the 6 digit code that says right on the text they will not ask for the code.
This is a major security problem for this company specifically. Not to mention NIST condemning SMS 2FA. How many accounts must be SIM swapped before they implement this?
Yes, it’s absolutely imperative that T-Mobile give us the option of disabling SMS 2-factor authorization as soon as possible. An authenticator app is far superior, but it doesn’t help as long as the security hole of SMS 2fa remains open. You’ve got to make this happen T-Mobile!
I seriously cannot believe that they have ignored this problem.
I am seriously considering leaving T-Mobile just because of this security flaw. I just can't believe they haven't addressed it yet when this brought up two years ago!
T-Mobile doesn’t do security, they do security theater.
They are not serious about real security.
Any updates? I assumed that I just didn’t see the correct option before finding this thread 😣
Reply
New badge winners
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.