![]() ![]() ![]() Google supports proper 2FA.Ī few weeks ago, someone had gone into a T-Mobile retail store in Rhode Island apparently with a very convincing fake ID and accessed my account to start EIPs on two iPhone XRs. Those numbers are harder to compromise, as you need the credentials to the Google Account to port the number thus protecting against porting attacks, and there is no SIM to swap, thus protecting against SIM swap attacks. Stealing a phone number is a bit like stealing a master security token based on the way most people use their numbers.Ī decent workaround is to give banks that require a phone number a Google Voice number tied to a properly secured Google Account. T-Mobile when it doesn't enforce security policies, and the banks for having dependencies that are actually vulnerabilities. Neither T-Mobile nor the banks are in the clear. I don't know what their solution could be, but SMS was never designed to be utilized like this. THEY need to change the way THEY do business on that end. Ultimately, the issue is the fact that banks and other institutions are relying on SMS authentication. Now an opt-in system that forced us to enter PIN to access the account? I could buy that, as long as it was 100% opt-in and was clearly explained to users up front. In store, One time PINs don't universally work bc what happens when someone has lost their phone or are having an issue that is preventing network connection. I'd wager 50% of my customers don't know their PIN at any given time. Some posit that pin should be required in store for every type of account change or transaction, but that's not practical and TMobile and other carriers know this. We have anti-fraud training and resources but were not FBI agents here. If the face and names match, and the ID has UV holograms, it's going to nearly impossible to prevent SIM fraud and the like. I would wager that the person who changed his account info and suspended the line had a very good fake ID created. r/tmoemployees: The sub for employees only Slow Data Speeds? - Read this to learn before you post! Spectrum Gateway - /u/sgteq powered T-Mobile spectrum information T-Mobile for Business issues: Reach out to Mike KatzĬare EVP: Callie Field Neville Ray /u/NevilleRayTmobile.T-Mobile's T-Force is the place to start: Tell us where you live (when necessary), and what model device you are using. Please see the new reddit layout for details on these rules (listed in the sidebar). General speedtests go in the Monday Megathreads Though many T-Mobile employees post here, these views are their own and do not represent the views of T-Mobile. This sub is not moderated by T-Mobile, but many employees post here regularly. The Un-official subreddit of the Un-carrier Please check out our FAQ and rules before posting! - Received a SMS about Account Security? ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |