cancel
Showing results for 
Search instead for 
Did you mean: 

Account and phone security

allendick
Great Citizen / Super Citoyen

With two-factor authentication loss or theft of a phone can be an issue, but a screen lock (not foolproof) should provide security good enough for most of us but there apparently is risk that someone might approach another provider and call the phone number away to that provider.

 

There are security measures but apparently they are not robust enough to prevent a number of reported high profile events.

 

Since so much depends on our phones these days and access to various accounts can be had through our phone, how secure is our Account and phone number and should we worry?  Are there any additional measures we should take?

16 REPLIES 16

@Anonymous 

Hmmmm....that seems like a security issue unless your name at the beginning has to match. Then you can change the name afterwards.

Anonymous
Not applicable

 @darlicious : I stepped through the process up until paying...no name. Just number and optional IMEI. I don't know what happens after.

@Anonymous 

It's been awhile since I ported in during activation. But I might have a screenshot.....

@softech @Meow 

This is a long standing method of extra account security. Pm doesn't care what your name is as long as you know what you used. My data account does not have my name on it and it does have a well known name on it but of course it could be anyone's regular name. All you need is a screenshot of your account info in case you forget that you are Dolly Parton.


@Meow wrote:

@fujiyama wrote:

Put in a fake/nonsense name and address in your Self Serve account (but ones that


Not that good idea.


agree with @Meow ..

 

problem with fake name and address, one day when you forgotten your My Account logon, you likely would forgotten your fake name and address.  I am not sure any PM agent will able to grant you back your Self-serve access for you being "John Doe" or "Donald Trump"  🙂


@fujiyama wrote:

Put in a fake/nonsense name and address in your Self Serve account (but ones that


Not that good idea. I had 'fake' name on Walmart account and when they cancelled my on-line order and I inquired Why? I had little headache to explain WHY I used funny 'name' instead of real one.

Funny name was used as I do not trust Walmart's security that much...

 

Could your account be hijacked? Probably if somebody is determined. Will it actually? I do not think so. Using strong password might prevent any unauthorized access.

Anonymous
Not applicable

 @darlicious : I mean you don't need a name during activation. Have you looked at the activation porting lately? Am I missing something?

You do need a name to port into an existing account.

@Anonymous 

What do you mean you don't need a name during activation to port in the phone number?

 

@allendick 

To port in a phone number you need the following:

 

  1. Full name on the account.
  2. Phone number.
  3. An identifier.

The identifier can be one of the following:

 

  1. Account #.
  2. Account PIN #.
  3. Phone's IMEI #.

Since #2 and #3 can be accessed on a lost/stolen phone the one thing we do have control over at pm is the name on our account. While a slight misspelling can be used a completely different name is ideal. One can choose randomly or purposely over the top. ie. Kim Kardashian-West, James Earl Jones etc....this can almost 100% ensure the phone number cannot be ported out.

 

Additional security for your account would be to have a specific pm only email that is not easily remembered and to periodically change your password and security question and answer and to periodically change your password for your pm email and use another specific email for password recovery not your cell phone number.

Anonymous
Not applicable

 @allendick : If someone steals your phone then it would be all too easy to port doing an activation and steal the number.

You don't need a name during activation.

That is where the weak link is, in my opinion.

You DO need a name porting into an already activated account.

 

(All this for porting in to PM. I don't know what all info is needed for other providers and if one were to steal a number inside of PM then you kinda might get caught 🙂 )

allendick
Great Citizen / Super Citoyen

I n looking further into this and taking the advice offered, I came across this: Hackers Hit Twitter C.E.O. Jack Dorsey in a ‘SIM Swap.’ You’re at Risk, Too. - The New York Times (n...

 

Is this still an problem or has this hole been plugged?

@allendick 

Public Mobile doesn't offer a porting lock on your phone number, but it would be a good idea if they did.   I have that feature on another account I have with another phone provider.  It gives peace of mind with that account.


@allendick wrote:

 

 my question is this: Is there any way to lock the account to Public Mobile so that it cannot be ported without my permission to Public Mobile. 


This is what SMS/email authentication when requesting SIM change is all about.

 

SIM Swap Fraud: 2 factor-authentication - Community (publicmobile.ca)

 

it is still not perfect.. but a lot better than the old days when there is no such security measure

 

add to @fujiyama  point about password, I guess anything need to remember by everyone is that Email Password MUST be always different from any other logon (yes, it is better to have all different passwords for different accounts.  But if this cannot be done, at least make the email address password different from others).

 

 

 

allendick
Great Citizen / Super Citoyen

Thanks.  I am aware of all these and am not entirely reassured.  My main concern is loss of the number on which much depends by porting.

 

Porting seems to be susceptible to hacking by a number of means including simply studying a person's posts, making a few good guesses and finding some weak link in another provider's security. 

 

Mayb eit is not as easy as it sounds, but I guess my question is this: Is there any way to lock the account to Public Mobile so that it cannot be ported without my permission to Public Mobile. 

fujiyama
Deputy Mayor / Adjoint au Maire

Put in a fake/nonsense name and address in your Self Serve account (but ones that you can remember easily). When porting, the new carrier needs to verify that the account name matches, so having a fake name will help in preventing sim jacking. Also use strong passwords for Self Serve and your linked email account, and change them periodically.

 

Sim jacking incidents dropped a lot after they implemented the porting text verification though, so be alert but don't worry about it too much lol.

softech
Oracle
Oracle

Yes, we are very dependent on our phone these days and hence many bad guys are targeting the phone, SIM fraud...

 

2FA with SMS is easy but yes, it's not safe still.

 

https://www.forbes.com/sites/zakdoffman/2020/10/11/apple-iphone-imessage-and-android-messages-sms-pa...

 

 

 

Try using Authenticator as much as possible.  

Need Help? Let's chat.