Forum Discussion
Feature Request: two factor Google Authenticator for call in support
I recently read some hacks about using SMS or the last 4 digits to gain access to carrier's support and port the number somewhere else. They do this so they can reset passwords to bank accounts, gmail, paypal, ebay, amazon, twitter and any other account you access with your phone. Really, your phone is the gateway to almost everything you do online.
To prevent this type of hack, companies like T-Mobile MUST implement a Two-Factor authentication system to prevent this type of hack. A two factor system is something I know (A Password, last 4 of SSN) and something I have (RSA Physical FOB or Google Authenticator app).
If T-Mobile is listening, implementing a real two factor system for CALL IN REQUESTS to support. This will almost stop any hacking to accounts that have this type of system setup for authentication.
This type of system is in use by Gmail, Amazon, Ebay, Paypal and many other systems that are truly trying to stop hacking of accounts.
Obviously, you should have a 6+ digit login on your phone so if your phone is lost, it's hard to gain access. but if a Two-Factor system is setup so a representative I call can ask me for my second factor, I have to have the authentication device available to make changes to my account.
Google Authenticator is available for FREE and can be installed, setup and used immediately for anyone that wants to use it and the company (future T-Mobile or bank) they are trying to gain access to is using.
Here is some reading material about a recent hack related to this and Verizon:
http://avc.com/2017/06/getting-hacked-lessons-learned/
T-Mobile, please listen and implement this for your customers
-Ed
Member since 1999
Hey @eddierock , I believe I've seen you make this recommendation already. (or something similar)
Of course, we always appreciate the feedback and ideas. Thanks for coming here to post your thoughts.
I found this answer on reddit and it worked for me: (thanks to JHyde2109!!)
Old post, but I was able to make changes for 2FA on my prepaid account by following something from this URL: https://www.howardforums.com/showthread.php/1928713-Any-way-to-stay-logged-into-T-mobile-account
> Login to TMo account then copy/paste:
> https://account.t-mobile.com/sap/v2/profile/security-dashboard
> After that it should give you option for text or 2FA code to login so you don't have to bother with texts
Thanks for the info Alex! It worked for me Dec 12, 2023
I'm just so annoyed right now that they don't give us this option to disable SMS 2fa.
this is grounds to switch to another company. T-Mobile you are stupid idiots! You've had five years to correct this problem
I agree. T-Mobile, can you please give us the option of disable SMS 2-factor authentication when an authenticator app is used?
Yes, it’s absolutely imperative that T-Mobile give us the option of disabling SMS 2-factor authorization as soon as possible. An authenticator app is far superior, but it doesn’t help as long as the security hole of SMS 2fa remains open. Please make this happen T-Mobile!
I added Google Authenticator, but can’t remove SMS text message, meaning a hijacked phone can easily get in. I would cancel 2fa and then start over if that was possible. I could not find a way to remove 2fa to keep SMS/text from being an option. Anybody know if that’s possible?
Confirmed: Google Authenticator is now available and working…
Start here: https://my.t-mobile.com/account/profile/tmobile_id
and scroll down…
…
...
Another data breach just occurred recently. Any update on this?
Just got hacked and tried to sign up for two factor authentication. there's a button, but it's a button to no-where. They're useless. Not to mention the person from the Office of the President is100% sure that Pacific Time is 4 hours behind East Coast time. Really!?!
So the security expert checking what happened at the time of the hack is a totally useless endeavor.
Here we are a year later, and nothing to beef up the T-mobile 2fa. They don't really care. Just lip service.
