topic Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf in The Lounge

Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are safer.

Iamnature — Fri, 02 Aug 2024 02:56:58 GMT

This is the conclusion of the GTA Police, after they tracked down many folk, stealing SIM's, pretending to be the customer and then getting access to the 2 factor authentication as they were getting the verification codes, while you are left out of the picture, calling your cell provider, trying to convince them that they have been scammed. Now, with a company like Public, the only way to access them is by text message, you would have a hard time getting anyone, as your phone would no longer work, lol. They also steal your bank accounts and CC info., its a very tough spot to be in. So, I suggest that Public Mobile offer Authentication apps as a secondary way, if not the primary way of getting access to your account. Public has no human contact in Customer Support, so the need is greater with this type of cell provider! No phone # to access customer support! Thus the need to allow for the use of authentication apps.

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

Community_QA_ — Fri, 02 Aug 2024 02:57:05 GMT

2fa is not safest but better than none

Check around how many Canadian mobile providers is using and enforcing 2FA and you will know this is still a better way

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

computergeek541 — Fri, 02 Aug 2024 02:59:53 GMT

@Iamnature wrote:
This is the conclusion of the GTA Police, after they tracked down many folk, stealing SIM's, pretending to be the customer and then getting access to the 2 factor authentication as they were getting the verification codes, while you are left out of the picture, calling your cell provider, trying to convince them that they have been scammed. Now, with a company like Public, the only way to access them is by text message, you would have a hard time getting anyone, as your phone would no longer work, lol. They also steal your bank accounts and CC info., its a very tough spot to be in. So, I suggest that Public Mobile offer Authentication apps as a secondary way, if not the primary way of getting access to your account. Public has no human contact in Customer Support, so the need is greater with this type of cell provider! No phone # to access customer support! Thus the need to allow for the use of authentication apps.

Public Mobiler does indeed have humans staffing the customer service department. As for not using an authenticator, this likely was a decisions to keep a balance between security and ease of use.

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

will13am — Fri, 02 Aug 2024 03:19:38 GMT

2FA is just one layer of digital protection. You have to ask yourself how can someone expose themselves to being SIM jacked.

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

softech — Fri, 02 Aug 2024 03:45:30 GMT

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

LeighWebber — Fri, 02 Aug 2024 03:45:39 GMT

How exactly do you reach a human customer support agent? Every time I try the chatbot just goes into a loop asking me to choose one of the suggested questions to ask.

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

slusagm — Fri, 02 Aug 2024 05:04:41 GMT

To use Chatbot to open ticket, you will need to type Submit Ticket, and choose Contact Us and then enter the login username password and it will bring you to the ticket open page

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

golfball — Fri, 02 Aug 2024 05:08:16 GMT

@LeighWebber You can type to the chatbot "submit ticket" and then follow the prompts. If that doesn't work you can message support directly from this page: https://productioncommunity.publicmobile.ca/t5/notes/composepage/note-to-user-id/22437

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

BKNS27 — Fri, 02 Aug 2024 05:54:42 GMT

@Iamnature

SIM swapping is not a new thing. Lately I have been reading about scammers stealing iPhones and changing the Apple ID so the original owner can’t access their account and use their Apple Pay and accessing their bank account then factory reset the iPhone and reselling it.

I would be curious on the number stats of how many tried to scam into members account on PM.

There are questions posted on this Community that are questionable and 🎣 to by-passing the security protocol or even tried contacting a CS_Agent and tried answering the credential questions.

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

Iamnature — Fri, 02 Aug 2024 10:49:11 GMT

Public Mobile, at a minimum needs to set up an help line, I guess you can use messenger, but a phone line would be best, for folk who know that their phone number has been stolen, the means is not of great importance, but a way around this type of theft does not exist on Public Mobile, I'm waiting for a response from a support agent.

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

Iamnature — Fri, 02 Aug 2024 11:00:41 GMT

Response from PM is, "we are working on it and they appreciate my feedback, lol." So they know this is a problem. I use lockdown on my iphone, I find that it is a good practice, limits some apps, but my privacy is more important to me than app performance, so as an example, if I want to use airdrop, I have to disable lockdown and then change the setting back to lockdown afterwards, not too difficult to do, takes a few minutes.

Re: Encourage Public Mobile to drop 2 factor authentication, is not safe, authenticator apps are saf

QQQQQ — Fri, 02 Aug 2024 15:58:56 GMT

It is ridiculous that in 2024 there are not other easy to implement 2FA methods available for Public Mobile. We all know SMS is less secure. PM have made a conscious choice to leave their customers vulnerable by not offering more secure methods such as keys for authenticator apps, security keys, etc. At minimum, if you want to disable receiving 2FA codes via SMS and rely only on receiving via email, you should be provided this option.