
Feature Request: two factor Google Authenticator for call in support

  • 7 June 2017

I recently read about some hacks using SMS or the last 4 digits to gain access to a carrier's support and port the number somewhere else. They do this so they can reset passwords to bank accounts, Gmail, PayPal, eBay, Amazon, Twitter and any other account you access with your phone. Really, your phone is the gateway to almost everything you do online.

To prevent this type of hack, companies like T-Mobile MUST implement a Two-Factor authentication system to prevent this type of hack. A two factor system is something I know (A Password, last 4 of SSN) and something I have (RSA Physical FOB or Google Authenticator app).

If T-Mobile is listening, implement a real two factor system for CALL IN REQUESTS to support. This will almost stop any hacking of accounts that have this type of system set up for authentication.

This type of system is in use by Gmail, Amazon, eBay, PayPal and many other systems that are truly trying to stop hacking of accounts.

Obviously, you should have a 6+ digit login on your phone so if your phone is lost, it's hard to gain access. But if a Two-Factor system is set up so a representative I call can ask me for my second factor, I have to have the authentication device available to make changes to my account.

Google Authenticator is available for FREE and can be installed, set up and used immediately by anyone who wants to use it, provided the company (future T-Mobile or bank) they are trying to gain access to is using it.

Here is some reading material about a recent hack related to this and Verizon:

https://medium.com/@CodyBrown/how-to-lose-8k-worth-of-bitcoin-in-15-minutes-with-verizon-and-coinbase-com-ba75fb8d0bac

http://avc.com/2017/06/getting-hacked-lessons-learned/

T-Mobile, please listen and implement this for your customers

-Ed

Member since 1999


Best answer by tmo_mike_c 11 June 2017, 21:44


Hey @eddierock, I believe I've seen you make this recommendation already (or something similar).

Of course, we always appreciate the feedback and ideas. Thanks for coming here to post your thoughts.

Hey tmo_mike, until you roll out this feature it doesn't matter if eddierock made this suggestion a million times, it's vital man. How would you like someone to take over your phone through T-Mobile customer service and drain YOUR bank account? I came here to make the same suggestion; don't just give a lame generic response "Of course, we always appreciate the feedback and ideas. Thanks for coming here to post your thoughts." I

How about getting on it and moving this idea "upstream" to someone who will do something about it?

Please

Here we are a year later, and nothing to beef up the T-Mobile 2FA. They don't really care. Just lip service.

Just got hacked and tried to sign up for two factor authentication. There's a button, but it's a button to nowhere. They're useless. Not to mention the person from the Office of the President is 100% sure that Pacific Time is 4 hours behind East Coast time. Really!?!

So the security expert checking what happened at the time of the hack is a totally useless endeavor.


Another data breach just occurred recently. Any update on this?

Confirmed: Google Authenticator is now available and working…

 

Start here: https://my.t-mobile.com/account/profile/tmobile_id

and scroll down…

...


I added Google Authenticator, but can’t remove SMS text message, meaning a hijacked phone can easily get in. I would cancel 2FA and then start over if that was possible. I could not find a way to remove 2FA to keep SMS/text from being an option. Anybody know if that’s possible?

Yes, it’s absolutely imperative that T-Mobile give us the option of disabling SMS 2-factor authorization as soon as possible. An authenticator app is far superior, but it doesn’t help as long as the security hole of SMS 2fa remains open. Please make this happen T-Mobile!


I agree. T-Mobile, can you please give us the option to disable SMS 2-factor authentication when an authenticator app is used?
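
As an added illustration (not part of the thread and not T-Mobile's implementation), here is a sketch of the call-in check requested in the original post together with the SMS-removal policy asked for in the later replies. It uses RFC 6238 TOTP, the algorithm Google Authenticator implements; the `CallInVerifier` class, its fields and the sample secret are hypothetical.

```python
import base64, hashlib, hmac, struct, time

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by authenticator apps
# Constructed sample secret: the published RFC 6238 test key, base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32, at, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class CallInVerifier:
    """Hypothetical per-account check a support rep's console could run."""
    def __init__(self, secret_b32=None, sms_enrolled=True):
        self.secret_b32 = secret_b32
        self.sms_enrolled = sms_enrolled
        self.last_step = -1                      # newest time step already used

    def allowed_factors(self):
        # Policy from the later replies: once an authenticator is enrolled,
        # SMS is no longer offered as a fallback.
        if self.secret_b32:
            return ["totp"]
        return ["sms"] if self.sms_enrolled else []

    def verify_totp(self, spoken_code, now=None):
        if "totp" not in self.allowed_factors():
            return False
        current = int(time.time() if now is None else now) // STEP
        given = spoken_code.strip().encode()
        for step in (current - 1, current, current + 1):   # tolerate clock drift
            if step <= self.last_step:
                continue                         # code already used: reject replay
            expected = totp(self.secret_b32, step * STEP).encode()
            if hmac.compare_digest(expected, given):
                self.last_step = step
                return True
        return False
```

Tracking the last accepted time step matters for a phone channel in particular: a code read aloud to a representative can be overheard, so it must not be accepted a second time within its validity window.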
