Online safety and account protection.

Use strong passwords with a combination of letters, numbers, and special characters for your T‑Mobile ID and other accounts. Change your passwords periodically and anytime there’s any sign of misuse. Don’t reuse passwords you’ve used for other sites. Don’t give others your passwords or provide them via phone or email.

Reset your T‑Mobile ID password.

Reset your Customer Care Pin/Passcode. 

Reset your Voicemail password.

Remembering a lot of passwords can be difficult and even risky—that’s where password managers come in. These tools help you generate strong passwords and store them in an encrypted place—all while only having to remember one password to access them. A few password managers we recommend are 1Password, Apple's iCloud Keychain, KeePass, and LastPass. 
 

Keep your home computers and mobile devices safe by running regular software updates and security patches. Consider changing your software update option to "Auto Update" for all software on your computers and mobile devices.
 

Apply two types of identification on accounts where you can, including on your T‑Mobile.com account. For other accounts, review the security options offered by the account provider.

Add two-step verification to your T‑Mobile.com account. 

Have your notifications turned on for logins from other devices on all the accounts you use. Getting notified of suspicious behavior right away is one of the best ways to get ahead of fraud. You can turn on notifications in the settings of the accounts you use, including your T-Mobile account.
 

Biometric data is electronic information about your physical or biological characteristics—like a face or fingerprint scan—that is used to identify you. We recommend enabling Face ID, Touch ID, or Fingerprint ID on your devices. It’s actually safer than a password because it’s unique to you and can’t be misplaced or forgotten.

Scans of your face and fingerprints are not stored on your personal device in the same way that a photo might be. Instead, your biometric data is converted into a unique mathematical representation that can’t be stolen, shared, or copied.

At T-Mobile, we don’t collect or store the biometric authentication data on your device, even when you log in to your T-Mobile account or sign in to the T-Mobile app. 

To learn more about biometric data, read our Cookies and tracking article. 

It’s easy to set up this feature by following the steps at the links below. Once you’ve enrolled, you can quickly and securely unlock your phone, sign in to apps and accounts, and even authenticate purchases.

How to set up Face or Fingerprint ID on an Android device.

How to set up Face ID on an iPhone or iPad Pro. 

How to manage Face or Fingerprint ID in the T-Mobile app.

Your phone’s Subscriber Identity Module (SIM) card stores information, like your phone numbers, service details, and, in some cases, text messages. Most phones still use a removable SIM card, but some have a permanent, electronic eSIM chip. There are ways to protect both from scammers.

Set a security PIN
If your device is lost or stolen, you can prevent someone else from re-using your SIM by setting a strong PIN code that’s hard to guess—for example, don’t use 1234 or 1111. Visit this tutorial to learn how to set your confidential PIN.

Enable SIM Protection
We make it easy and free to lock your SIM card so changes can’t be made to your phone without your permission. To activate your SIM Protection, log in to your T-Mobile account and find the settings under My account > Profile > Privacy and Notification. You can turn SIM Protection on or off for each line on your account using the toggles.

Visit our SIM Protection page for more information.

If your T-Mobile device is lost or stolen, prevent unauthorized access by suspending your account right away. Log into My.T-Mobile.com or call Customer Care by dialing 1-800-937-8997 from any device. Then use Android Device Manager, Find My iPhone, iCloud, or Lookout to remotely lock, locate, or wipe your device.

Get lost or stolen device help.

For worry-free phone protection and support, you can enroll in Protection<360>^® from T-Mobile. It provides coverage for accidental damage, loss, theft, hardware service issues, and more.

It’s also a good idea to review the details of your wireless service plan to see if you have a benefit called “Lost or stolen protection.”

Never confirm your sensitive personal data or account information in response to an unsolicited email, text, or inbound call. T-Mobile will never send you a request for such information, and you should only provide that information to T-Mobile or any other account provider when you have initiated contact to a known, reliable number or address. If our company name or brand is used in efforts to fraudulently obtain personal information, we’ll work aggressively to halt those activities.

SMS phishing or SMShing
If you’re a T-Mobile or Metro customer, report suspicious SMS messages by forwarding the text to 7726. You can also block the sender or opt out of subscriptions.

Email phishing
If you receive a suspicious email, please report it to your email service provider as spam or a phishing attempt.

Voice phishing or vishing
If you’re unsure who’s calling, it’s best to let the call go directly to voicemail. With our free Scam Shield™ app, you can see who’s calling, block calls that are likely scams, and report unwanted calls. 

Learn more in our Help with scams, spam, and fraud support page.

Use anti-malware software from a trusted source and always keep it up to date by letting the software update its file of known issues, called signatures. 

For worry-free phone protection and support, you can enroll in Protection<360> from T-Mobile. This plan includes software to help keep your devices secure from online threats including viruses and malware.

It’s also a good idea to review the details of your wireless service plan to see if your benefits include McAfee^® Security. It can help you stay safer online by protecting your identity and privacy.

Protect yourself by not clicking links or opening attachments from unknown senders. Suspicious links can contain malware or ransomware—a type of malware that encrypts or locks your computer files and demands payment to a fraudster to get them unlocked. Stop and think before you click on something from an unknown or suspicious sender.
 

Be cautious when using public Wi-Fi. Most public Wi-Fi hotspots aren’t secure enough and don’t encrypt the information you send over the internet. Avoid sending passwords, credit card numbers, or other financial information over a public Wi-Fi network and only visit secure websites containing a URL that starts with “HTTPS://”.

If you’re using your smartphone, tablet, or PC as an access point for other devices to connect to the internet, always enable Wi-Fi Protected Access.

At home, consider encrypting your home network by updating your router settings to either WPA3 or WPA2 Personal.
 

The national Do Not Call registry gives you the choice about whether you receive telemarketing calls. Once your number is on the registry, commercial telemarketers are not allowed to call you. Other types of organizations may still call you, like charities, political groups, and debt collectors.

Add your number to the National Do Not Call Registry.